Upload a file to a website using php

Question

I am new to php and I am trying to modify the code from here: http://www.w3schools.com/php/php_file_upload.asp to stay on the same page after the file is uploaded.

The page is displaying these errors (Before the file is uploaded but not after the file is uploaded):

Notice: Undefined index: fileToUpload in C:\xampp\htdocs\test-site\index.php on line 12
Sorry, file already exists.

Notice: Undefined index: fileToUpload in C:\xampp\htdocs\test-site\index.php on line 38
Sorry, only JPG, JPEG, PNG & GIF files are allowed.Sorry, your file was not uploaded.

The file uploads fine regardless.

This is the code:

<!DOCTYPE html>
<html>
<body>

<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post" enctype="multipart/form-data">
    Select image to upload:
    <input type="file" name="fileToUpload" id="fileToUpload" class="upload_file">
    <input type="submit" value="Upload Image" name="submit">
</form>
<?php
$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
// Check if image file is a actual image or fake image
if(isset($_POST["submit"])) 
{
    $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
    if($check !== false) 
    {
        echo "File is an image - " . $check["mime"] . ".";
        echo '<a href="'.$target_file.'">Download you file here</a>';
        $uploadOk = 1;
    } 
    else 
    {
        echo "File is not an image.";
        $uploadOk = 0;
    }
}
// Check if file already exists
if (file_exists($target_file)) 
{
    echo "Sorry, file already exists.";
    $uploadOk = 0;
}
// Check file size
if ($_FILES["fileToUpload"]["size"] > 500000) 
{
    echo "Sorry, your file is too large.";
    $uploadOk = 0;
}
// Allow certain file formats
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"&&         $imageFileType != "gif" ) 
{
    echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
    $uploadOk = 0;
}
// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) 
{
    echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} 
else 
{
    if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) 
    {
        echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
    } 
    else 
    {
        echo "Sorry, there was an error uploading your file.";
    }
}
?>
</body>
</html>

Answer 1

look at your code line:

$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);

replace that with:

if (isset($_FILES["fileToUpload"]["name"])) {
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
} else {
var_dump($_FILES);
$target_file = '';
}

this is not complete solution, and there could be many other errors in your code ,but just to start from somewhere

Answer 2

You should make a distinction in your code for when the page is loaded via GET (loading the form) and when a POST request is made and you need to process the upload. That applies to all things related to the file upload.

I normally also put all processing at the top which could be useful if you want to redirect for example after a succesfull post:

if ($_SERVER['REQUEST_METHOD'] === 'POST')
{
  // your upload processing code
}
else
{
  // show your form
}

Answer 3

You need to move this block

$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);

and everything after the condition into the if(isset($_POST["submit"])) condition.

When you first download the page, the $_FILES is empty, but you want to use it.

Answer 4

Check this code - It shouldn't throw the errors now

<!DOCTYPE html>
<html>
<body>

    <form action="<?php $_SERVER['PHP_SELF'] ?>" method="post" enctype="multipart/form-data">
        Select image to upload:
        <input type="file" name="fileToUpload" id="fileToUpload" class="upload_file">
        <input type="submit" value="Upload Image" name="submit">
    </form>
    <?php

    // Check if image file is a actual image or fake image
    if(isset($_POST["submit"])) 
    {

        $target_dir = "uploads/";
        $target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
        $uploadOk = 1;
        $imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);

        $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
        if($check !== false) 
        {
            echo "File is an image - " . $check["mime"] . ".";
            echo '<a href="'.$target_file.'">Download you file here</a>';
            $uploadOk = 1;
        } 
        else 
        {
            echo "File is not an image.";
            $uploadOk = 0;
        }

        // Check if file already exists
        if (file_exists($target_file)) 
        {
            echo "Sorry, file already exists.";
            $uploadOk = 0;
        }
        // Check file size
        if ($_FILES["fileToUpload"]["size"] > 500000) 
        {
            echo "Sorry, your file is too large.";
            $uploadOk = 0;
        }
        // Allow certain file formats
        if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"&&         $imageFileType != "gif" ) 
        {
            echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
            $uploadOk = 0;
        }
        // Check if $uploadOk is set to 0 by an error
        if ($uploadOk == 0) 
        {
            echo "Sorry, your file was not uploaded.";
        // if everything is ok, try to upload file
        } 
        else 
        {
            if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) 
            {
                echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
            } 
            else 
            {
                echo "Sorry, there was an error uploading your file.";
            }
        }
    }
    ?>
</body>
</html>