FutureQuest, Inc.
Knowledgebase: PHP/MySQL
Uploading with PHP
Posted on 14 December 2003 05:07 PM
This guide will explain the process of uploading files using PHP on the FutureQuest® servers. This tutorial assumes that you have some experience with PHP.

PHP on the FutureQuest® servers runs under Secure_Mode™, which FutureQuest® devised to turn off safe_mode restrictions while retaining the security benefits of PHP's safe_mode.

All files will be owned by the user ID and user group of the owner.

Disclaimer: This is intended to be a general guide to help you get started with uploading via PHP. FutureQuest® takes no responsibility for your use of this code - in other words, use it at your own risk.

Step 1 - The HTML form

The first step is the HTML form that is utilized to perform the upload. Note that the user must be using an upload-capable browser - there is no way around this (with any script used for this purpose).

It is also assumed that you have some HTML experience, particularly with forms. The first line of the form needs to be like this:

<form enctype="multipart/form-data" action="upload.php" method="POST">

This line tells the browser to send the form data in parts - namely, the file to upload and any text being sent (including the local file name). The action attribute (upload.php here) names the PHP file we want the form data to go to.

The only other lines that are required are:

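<input type="hidden" name="MAX_FILE_SIZE" value="24000">
<input type="file" name="userfile">
<input type="submit" value=" Send File ">

Note that MAX_FILE_SIZE must be set to the maximum file size that you will allow users to upload, and that PHP only honors it when the hidden field appears before the file field. Because the value is sent by the browser, it can be altered, so the PHP script should check the size again. Please note that there are server limits as documented in "Is there a limit to the file size allowed for uploads by PHP scripts?".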

You can also add any other form fields that you like, just like any normal PHP form. For example, let's say we want to allow users to upload their favorite MIDI files:

<title>Upload a MIDI file</title>

<form enctype="multipart/form-data" action="upload.php" method="POST">

<!-- MAX_FILE_SIZE must come before the file field -->
<input type="hidden" name="MAX_FILE_SIZE" value="30000">

<table border="0">
<tr><td>Song Title:</td>
<td><input type="text" name="songname"></td></tr>
<tr><td>Artist:</td>
<td><input type="text" name="artist"></td></tr>
<tr><td>MIDI File:</td>
<td><input type="file" name="userfile"></td></tr>
</table>

<input type="submit" value=" Send File ">

</form>



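The first form field we see is called songname. In our PHP script, this will become a variable called $songname holding the value of the text that was typed into the textbox. (These automatic variables depend on PHP's register_globals setting, which was removed in PHP 5.4; the same values are always available as $_POST['songname'] and in the $_FILES['userfile'] array.)

There will also be some variables set, which are not as obvious:

$userfile - the temporary name of the file on the server, including full path ($_FILES['userfile']['tmp_name'])
$userfile_name - the name of the file as it was on the user's PC ($_FILES['userfile']['name'])
$userfile_size - the size of the uploaded file in bytes ($_FILES['userfile']['size'])
$userfile_type - the type of file uploaded, as reported by the user's PC ($_FILES['userfile']['type'])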

Now we must do something with this file. It cannot stay in the temporary directory as it will be deleted as soon as the script is finished executing.

Step 2 - The PHP script - upload.php

The next step is to write the PHP file to do something useful with the uploaded file. You will need to create a directory to move the file to. To do this from the command line, type the following:

    cd /big/dom/xdomain
    mkdir temp

This will create a directory called temp 'above' your www directory. Note, of course, that you need to replace xdomain with your xdomain. If your domain is called example.com, you need to replace xdomain with xexample. Its full path would then be:


Note that this directory is not accessible from the web - you can use a directory under your www directory, but it will then be immediately accessible. It is recommended to use a directory that is only accessible by you via FTP or SSH so that you can approve the submission before posting it on the web.

We now have somewhere to put the newly uploaded file and we have some variables to work with. It is now time to create some PHP code to finish the job. Anything in bold will need to be changed:


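<?php
# upload.php - a script for utilizing files uploaded
# with PHP on FutureQuest®

# Use this script at your own risk

# Read the upload details and form fields explicitly, so the script
# does not depend on register_globals (removed in PHP 5.4):

if (!isset($_FILES['userfile']) || $_FILES['userfile']['error'] != 0) {
    print "An error occurred during your submission.";
    exit;
}

$userfile      = $_FILES['userfile']['tmp_name'];
$userfile_size = $_FILES['userfile']['size'];

# basename() removes any directory part from the name sent by the
# browser, so the file cannot be written outside our directory:
$userfile_name = basename($_FILES['userfile']['name']);

# Remove line breaks from the text fields, because they are used in
# the subject of the email below:
$songname = isset($_POST['songname']) ? $_POST['songname'] : '';
$artist   = isset($_POST['artist']) ? $_POST['artist'] : '';
$songname = str_replace(array("\r", "\n"), " ", $songname);
$artist   = str_replace(array("\r", "\n"), " ", $artist);

# First, we need to do something to the file:
# This will double check that the file is not too large:

if ($userfile_size > 30000) {
    print "Your file is too large. Please use your back button.";
    exit;
}

# Next, we will make sure it is in fact a MIDI file. We could
# use the variable $userfile_type, but this is set by the user's
# PC, and can vary too often. Instead we will check the file
# extension (preg_match() replaces eregi(), which was removed in
# PHP 7; the dot is escaped so that it only matches a literal dot):

if (!preg_match('/\.mid$/i', $userfile_name)) {
    print "Sorry, only MIDI files here (with a .mid extension).
        Please use your back button";
    exit;
}

# Now that we know the file is not too large 
#  and is the right type,
# let's move it to our directory:

# We will use the @ symbol before move_uploaded_file() to
# suppress any warnings or error messages - we'll handle that
# ourselves. move_uploaded_file() only accepts files that PHP
# itself received as uploads, and it removes the temporary file,
# so no separate unlink() is needed.

if (@move_uploaded_file($userfile, "/big/dom/xdomain/temp/$userfile_name")) {

    # Thank the user (htmlspecialchars() keeps the submitted text
    # from being interpreted as HTML by the browser)
    print "Thank you for your submission of "
        . htmlspecialchars("$artist's $songname", ENT_QUOTES) . ".
    We have saved it in our temporary directory and will 
    post it to our page shortly.";

    # Email message for us
    $message = "Hello,
$artist $songname has been submitted via your PHP form.
It can be found at 
It was successfully uploaded.";

} else {

    # If the file couldn't be moved, we tell the user:
    print "An error occurred during your submission.";

    # Email message for us
    $message = "Hello,
$artist $songname was NOT successfully uploaded.";

}

# Send the email to us
mail ("you@yourdomain.com", "MIDI Upload - $artist $songname", $message);
?>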


You may want to use a different scheme for naming the uploaded file if you plan to have a lot of uploads - the above simply names it as it was on the user's PC, which can result in overwrites or failures if two users upload a file with the same name.
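
One possible naming scheme, as an added example that is not part of the original FutureQuest® guide: the server picks a random stored name and reserves it with an exclusive create, keeping the user's file name only as a label. The function name reserve_upload_name() and the temporary demo directory are assumptions made for this illustration.

```php
<?php
// Added example, not FutureQuest's code. reserve_upload_name() and its
// parameters are hypothetical names chosen for this illustration.

function reserve_upload_name(string $clientName, string $destDir): array
{
    // Keep the client's name only as a label for the reviewer: drop any
    // directory part, then replace everything outside a conservative set.
    $label = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($clientName));

    if (!preg_match('/\.mid$/i', $label)) {
        throw new InvalidArgumentException('only .mid files are accepted');
    }

    // The stored name is random and chosen by the server. Mode 'x' creates
    // the file only if it does not exist yet, so a name is never reused
    // even when two requests arrive at the same moment.
    for ($attempt = 0; $attempt < 5; $attempt++) {
        $path = $destDir . '/' . bin2hex(random_bytes(16)) . '.mid';
        $handle = @fopen($path, 'x');
        if ($handle !== false) {
            fclose($handle);
            return array('path' => $path, 'label' => $label);
        }
    }
    throw new RuntimeException('could not reserve a unique file name');
}

// Constructed demonstration: two users submit a file with the same name.
$dir = sys_get_temp_dir() . '/upload-demo-' . bin2hex(random_bytes(4));
mkdir($dir, 0700);

$first  = reserve_upload_name('../../song.mid', $dir);
$second = reserve_upload_name('song.mid', $dir);

foreach (array($first, $second) as $slot) {
    echo $slot['label'], ' is stored as ', basename($slot['path']), "\n";
    unlink($slot['path']);   // remove the demo placeholder again
}
rmdir($dir);

// In upload.php the reserved path becomes the destination, for example:
//   move_uploaded_file($_FILES['userfile']['tmp_name'], $slot['path']);
// and $slot['label'] goes into the notification email.
```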
