The easy way to create PHP file upload with Validation, spam protection, file size validation, file extension validation, full example.
How To Create PHP File Upload With Validation
Very easy, we need some PHP functions only, read example code to learn.
PHP File Upload Script
Read the instructions next to each line:
<?php
session_start();
/*
PHP Script By Qassim Hassan, wp-time.com
PHP File Upload With Validation
*/
if( isset($_FILES["your-name"]) and is_uploaded_file($_FILES['your-name']['tmp_name']) and isset($_SESSION["token"]) ){ // if request upload file
if( $_POST["token"] != $_SESSION["token"] ){ // spam protection
echo "Token is error!";
return false;
}
$get_file = $_FILES["your-name"]["name"];
$pathinfo = pathinfo($get_file);
$extension = strtolower($pathinfo['extension']); // get file extension
$new_name = substr(str_shuffle("zxcvbnmasdfghjklqwertyuiop0123456789ZXCVBNMASDFGHJKLQWERTYUIOP"), 0, 10); // random new name
$website_url = "http://qass.im/file-upload/"; // enter your website link, don't forget slash in end of link!
$folder = "my-uploaded/"; // folder to save uploaded files
$uploaded = $folder.$new_name.".".$extension; // uploaded file link
$extensions_allowed = array("png", "jpg", "jpeg", "gif", "bmp", "txt", "zip", "rar", "pdf", "doc", "docx"); // extensions allowed
$types_allowed = array("image/jpeg", "image/jpg", "image/x-png", "image/png", "image/gif", "image/bmp", "image/x-windows-bmp"); // types allowed
$mega_byte = 1024000;
$max_file_size = $mega_byte * 10; // 10 mega max file size, you can change the number to increase or decrease the size
if ( !in_array($_FILES["your-name"]["type"], $types_allowed) ){
echo "File type is not allowed!";
return false;
}
if( in_array($extension, $extensions_allowed) ){ // check if extension allowed
if( $_FILES["your-name"]["size"] <= $max_file_size ){ // check if file size eqaul or less than 10 mega
$move_uploaded_file = move_uploaded_file($_FILES["your-name"]["tmp_name"], $uploaded);
if( $move_uploaded_file ){
echo '<p>File link: <a href="'.$website_url.$uploaded.'">'.$website_url.$uploaded.'</a></p>'; // display file link!
unset($_SESSION["token"]); // remove session
}
}
else{ // if file size is not equal 10 mega or more than 10 mega
echo "Big file!";
}
}
else{ // if extension not allowed
echo "Not allowed!";
}
}
else{ // Error Messages
if( isset($_POST["token"]) and !isset($_SESSION["token"]) ){ // if uploaded file (moments ago) spam protection
echo "Token is invalid! Please refresh the page to upload file again.";
return false;
}
if( isset($_FILES['your-name']) ){
if( !is_uploaded_file($_FILES['your-name']['tmp_name']) ){ // if empty
echo "Please choose file to upload it.";
}
}
else{ // if user request file uploader.php from browser
echo header("location: index.php"); // redirect user to index page
}
}
?>
Usage
Add session_start() function with $_SESSION[“token”] before HTML Document, for example:
<?php
session_start();
$_SESSION["token"] = rand(111111,999999).rand(111111,999999); // hidden captcha, spam protection
// Script by Qassim Hassan, wp-time.com
?>
<!DOCTYPE html>
<html>
<head>
etc..
Now add HTML form:
<form method="POST" action="uploader.php" enctype="multipart/form-data">
<input type="file" name="your-name">
<input name="token" type="hidden" value="<?php echo $_SESSION["token"]; ?>">
<input type="submit" value="upload">
</form>
Create new PHP file “uploader.php” and add inside it PHP file upload script code, and create new folder “my-uploaded”.
Live Demo
Check live demo.
Download
Download File Upload Script with demo example.
2 Comments
Beans
If you post a file over 150MB it will error to “Please choose file to upload it.” and all my PHP settings and script settings are set to 500MB upload. Any ideas why this script does that? If you upload 149 and under it will work perfectly. Any ideas?
Qassim Hassan
It’s working good with me, contact your hosting provider.