Neil is right, also I suggest to analyze this code snippet.
The form must be on a seperate file, after this code you can put HTML to echo the $errorMsg or display a link to te file if it's succesfully uploaded.
Description:
Code:
<?
/* --- HTML CODE FOR UPLOAD FORM ---
<form enctype="multipart/form-data" action="uploadHandler.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="number of bytes" />
<label for="fileInput">Label text</label><input name="fileInput" type="file" /><br />
<input type="submit" value="Upload" />
</form>
*/
// Max file size
$maxSize = (number of bytes);
$uploadRequired = true;
// Declaring the variables for the upload directory and page.
$uploadDir = null;
$uploadPage = null;
// Only php version 5.3.0 and bigger support '__DIR__'.
if(version_compare(PHP_VERSION, '5.3.0', '>='))
{
$uploadDir = (__DIR__.'/directory_to_be_uploaded_to/');
$uploadPage = (__DIR__.'/url_to_upload_page');
}
else
{
$uploadDir = (dirname(__FILE__).'/directory_to_be_uploaded_to/');
$uploadPage = (dirname(__FILE__).'/url_to_upload_page');
}
// Defining error messages
define('ERR_SIZE', 'Error, file size limit exceeded.');
define('ERR_NO_SEL', 'Error, no file selected.');
define('ERR_PARTIAL', 'Error occured during the file upload.');
define('ERR_UNKNOWN', 'Unknown error occured during file upload, retry <a href=\'{ $uploadPage }\'>by clicking here.</a>');
define('ERR_MIME', 'Error, unallowed mime type of file, retry <a href=\'{ $uploadPage }\'>by clicking here.</a>');
define('ERR_REPL', 'Error occured during file translocation');
// Array containing allowed MIME types.
$allowedTypes = array(
'image/jpeg', 'image/pjpeg', 'image/png', ..., ...
)
// Error message: This variable($) will contain the error message.
$errMsg = null;
// This variable will contain the file information collected from the form.
$fileInput = null;
// Start the loop first, because we want to break it before we start uploading.
// Loop keeps on repeating during upload.
do {
if(!isset ($_FILES['fileInput'])) {
$errMsg = ERR_NO_SEL;
break; // Break the loop, we don't want to go any further now..
} else {
// Store the POST data from $_FILES['file_loaded'] into a variable.
$fileInput = $_FILES['fileInput'];
}
// The index 'error' will return any error during upload.
switch($fileInput['error'])
{
case UPLOAD_ERR_INI_SIZE: $errMsg = ERR_SIZE; break 2;
case UPLOAD_ERR_PARTIAL: $errMsg = ERR_PARTIAL; break 2;
case UPLOAD_ERR_NO_FILE: $errMsg = ERR_NO_SEL; break 2;
case UPLOAD_ERR_FORM_SIZE: $errMsg = ERR_SIZE; break 2;
case UPLOAD_ERR_OK: {
if($fileInput['size'] > $maxSize) {
$errMsg = ERR_SIZE;
}
break 2;
}
default: $err_msg = ERR_UNKNOWN; break 2;
}
// Check if file input has allowed mime type.
if(isset(allowedTypes))
{
if(!in_array($fileInput['type'], allowedTypes))
{
$errMsg = ERR_MIME;
break;
}
}
} while(0);
$randPrec = rand(0,255);
$newFilename = $uploadDir.$randPrec.'_'.$fileInput['name'];
if(!$errMsg)
{
if(!move_uploaded_file($fileInput['tmp_name'], $newFilename))
$errMsg = ERR_REPL;
}
?>