The easy way to create PHP file upload with Validation, spam protection, file size validation, file extension validation, full example.

How To Create PHP File Upload With Validation

Very easy, we need some PHP functions only, read example code to learn.

PHP File Upload Script

Read the instructions next to each line:


        PHP Script By Qassim Hassan,
        PHP File Upload With Validation

    if( isset($_FILES["your-name"]) and is_uploaded_file($_FILES['your-name']['tmp_name']) and isset($_SESSION["token"]) ){ // if request upload file

        if( $_POST["token"] != $_SESSION["token"] ){ // spam protection
            echo "Token is error!";
            return false;

        $get_file = $_FILES["your-name"]["name"];

        $pathinfo = pathinfo($get_file);

        $extension = strtolower($pathinfo['extension']); // get file extension

        $new_name = substr(str_shuffle("zxcvbnmasdfghjklqwertyuiop0123456789ZXCVBNMASDFGHJKLQWERTYUIOP"), 0, 10); // random new name

        $website_url = ""; // enter your website link, don't forget slash in end of link!

        $folder = "my-uploaded/"; // folder to save uploaded files

        $uploaded = $folder.$new_name.".".$extension; // uploaded file link

        $extensions_allowed = array("png", "jpg", "jpeg", "gif", "bmp", "txt", "zip", "rar", "pdf", "doc", "docx"); // extensions allowed

        $types_allowed = array("image/jpeg", "image/jpg", "image/x-png", "image/png", "image/gif", "image/bmp", "image/x-windows-bmp"); // types allowed
        $mega_byte = 1024000;

        $max_file_size = $mega_byte * 10; // 10 mega max file size, you can change the number to increase or decrease the size

        if ( !in_array($_FILES["your-name"]["type"], $types_allowed) ){
            echo "File type is not allowed!";
            return false;

        if( in_array($extension, $extensions_allowed) ){ // check if extension allowed

            if( $_FILES["your-name"]["size"] <= $max_file_size ){ // check if file size eqaul or less than 10 mega

                $move_uploaded_file = move_uploaded_file($_FILES["your-name"]["tmp_name"], $uploaded);

                if( $move_uploaded_file ){
                    echo '<p>File link: <a href="'.$website_url.$uploaded.'">'.$website_url.$uploaded.'</a></p>'; // display file link!
                    unset($_SESSION["token"]); // remove session


            else{ // if file size is not equal 10 mega or more than 10 mega
                echo "Big file!";


        else{ // if extension not allowed
            echo "Not allowed!";


    else{ // Error Messages

        if( isset($_POST["token"]) and !isset($_SESSION["token"]) ){ // if uploaded file (moments ago) spam protection
            echo "Token is invalid! Please refresh the page to upload file again.";
            return false;

        if( isset($_FILES['your-name']) ){
            if( !is_uploaded_file($_FILES['your-name']['tmp_name']) ){ // if empty
                echo "Please choose file to upload it.";

        else{ // if user request file uploader.php from browser
            echo header("location: index.php"); // redirect user to index page



Add session_start() function with $_SESSION[“token”] before HTML Document, for example:

    $_SESSION["token"] = rand(111111,999999).rand(111111,999999); // hidden captcha, spam protection
    // Script by Qassim Hassan,
<!DOCTYPE html>


Now add HTML form:

<form method="POST" action="uploader.php" enctype="multipart/form-data">
    <input type="file" name="your-name">
    <input name="token" type="hidden" value="<?php echo $_SESSION["token"]; ?>">
    <input type="submit" value="upload">

Create new PHP file “uploader.php” and add inside it PHP file upload script code, and create new folder “my-uploaded”.

Live Demo

Check live demo.


Download File Upload Script with demo example.