4

Does anyone know any good tutorial on how to upload a file with php and save the files path to a sql server?

alecnash
  • 1,750
  • 1
  • 18
  • 42

2 Answers2

13

To upload a file you need at least a HTML POST form with multipart/form-data encoding. Therein you put an input type="file" field to browse the file and a submit button to submit the form.

<form action="upload.php" method="post" enctype="multipart/form-data">
    <input type="file" name="file">
    <input type="submit">
</form>

In the upload.php the uploaded file is accesible by $_FILES with the field name as key.

$file = $_FILES['file'];

You can get its name as follows:

$name = $file['name'];

You need to move it to a permanent location using move_uploaded_file(), else it will get lost:

$path = "/uploads/" . basename($name);
if (move_uploaded_file($file['tmp_name'], $path)) {
    // Move succeed.
} else {
    // Move failed. Possible duplicate?
}

You can store the path in database the usual way:

$sql = "INSERT INTO file (path) VALUES ('" . mysqli_real_escape_string($path) . "')";
// ...
BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
  • 2
    @Col: You downvoted and ranted on the answer instead of elaborating the problem in the answer. Well, then I can't do much to satisfy you. Should I maybe have added an errorcheck/nullcheck? That kind of things. Just say that so instead of ranting :) – BalusC May 21 '10 at 11:25
  • and `$path = "/uploads/"` is VERY common mistake for the newbie developers. It is almost impossible to have uploads directory in the filesystem root in the real environment. Most likely it being confused with document root. – Your Common Sense May 22 '10 at 14:52
  • @Col: I usually use dedicated/colocated hosting where I have just full control over the file system. That's the normal practice in Java webapps as well, but you're indeed right with regard to the average PHP webapp/hosting. – BalusC May 22 '10 at 14:55
  • Just curious, what OS let you upload in the root folder? the only one I know is windows. But it's still bad design to place a directory directly into root folder, outside of application's directory, isn't it? – Your Common Sense May 22 '10 at 15:05
  • True. It was just a kickoff example :) Put them wherever you can write to and is easily to be related to the webapp. For even `/var/www/uploads` or so. – BalusC May 22 '10 at 15:33
  • 1
    `mysql_real_escape_string` is **DEPRECATED** as of PHP 5.5.0, and will be removed in the future. use `mysqli_real_escape_string` instead. – Omar Tariq Sep 10 '13 at 05:47
5

From http://www.w3schools.com/php/php_file_upload.asp

HTML

<html>
<body>

<form action="upload_file.php" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file" /> 
<br />
<input type="submit" name="submit" value="Submit" />
</form>

</body>
</html>

PHP

<?php
  if ($_FILES["file"]["error"] > 0)
    {
    echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
    }
  else
    {   
    if (file_exists("upload/" . $_FILES["file"]["name"]))
      {
      echo $_FILES["file"]["name"] . " already exists. ";
      }
    else
      {
      move_uploaded_file($_FILES["file"]["tmp_name"],
      "upload/" . $_FILES["file"]["name"]);
      echo "Stored in: " . "upload/" . $_FILES["file"]["name"]; //<- This is it
      }
    }
?>

Note that to upload the file you need to specify the path to save the file. If you save the file you already know it path.

Ben
  • 16,275
  • 9
  • 45
  • 63