Start your free trial now, and begin learning software, business and creative skills—anytime, anywhere—with video instruction from recognized industry experts.

Start Your Free Trial Now

Examining the $_FILES array


Uploading Files Securely with PHP

with David Powers

Video: Examining the $_FILES array

Examining the $_FILES array provides you with in-depth training on Developer. Taught by David Powers as part of the Uploading Files Securely with PHP
Expand all | Collapse all
  1. 4m 49s
    1. Welcome
    2. What you should know before watching this course
      2m 0s
    3. Using the exercise files
      1m 52s
  2. 33m 2s
    1. How PHP handles file uploads
      6m 16s
    2. Examining the $_FILES array
      5m 8s
    3. Setting the maximum file size
      5m 36s
    4. Preparing the upload folder
      3m 18s
    5. Moving the file to its destination
      6m 51s
    6. Limitations on file uploads
      5m 53s
  3. 47m 3s
    1. Planning the class's features
      3m 15s
    2. Creating and using a namespaced class
      5m 25s
    3. Creating the class constructor
      7m 26s
    4. Getting a reference to the uploaded file
      5m 9s
    5. Checking the error level
      5m 7s
    6. Displaying errors and other messages
      4m 51s
    7. Setting and checking the maximum file size
      7m 19s
    8. Strengthening the setMaxSize() method
      8m 31s
  4. 35m 30s
    1. Restricting acceptable MIME types
      5m 27s
    2. Removing spaces from file names
      5m 21s
    3. Restricting acceptable file-name extensions
      6m 10s
    4. Neutralizing potentially dangerous uploads
      5m 54s
    5. Renaming files with duplicate names
      7m 58s
    6. Moving the file to its destination
      4m 40s
  5. 10m 25s
    1. Understanding how the $_FILES array handles multiple files
      4m 42s
    2. Adapting the class to handle both single and multiple uploads
      5m 43s
  6. 38m 15s
    1. Overview of the UploadFile class
      5m 9s
    2. Setting up to use the class
      4m 11s
    3. Using the class
      8m 12s
    4. Reporting errors with multiple uploads
      4m 0s
    5. Displaying the server limits
      4m 51s
    6. Alerting the user about exceeding the server limits
      6m 14s
    7. Changing the class's defaults
      5m 38s
  7. 1m 38s
    1. Goodbye
      1m 38s

please wait ...
Examining the $_FILES array
Video Duration: 5m 8s2h 50m Intermediate Feb 24, 2014

Viewers: in countries Watching now:

Examining the $_FILES array provides you with in-depth training on Developer. Taught by David Powers as part of the Uploading Files Securely with PHP

View Course Description

The basic process of uploading files with PHP is very simple, but there are security implications that many people are unaware of. This course shows how to create a secure custom PHP class that can handle both single-file and multi-file uploads. Author David Powers shows you how to create a file upload class that checks the size, type, and names of files, renaming them when it encounters a duplicate file name. He'll show you how to make the class report on the outcome of the upload process and the nature of any errors that occur, and how to prevent the user from uploading files that exceed the server limits.

At the end of this course, you'll have a robust, flexible class that can be incorporated into many projects (including web forms) with just a few lines of code.

Topics include:
  • How PHP handles file uploads
  • Setting the maximum file size
  • Moving the file to its destination
  • Creating and using a namespaced class
  • Displaying error messages
  • Restricting unacceptable MIME types and file extensions
  • Using the class
  • Reporting errors
  • Altering the user
David Powers

Examining the $_FILES array

We've created a form with a file input field, and we're now ready to start processing the file when the form is submitted. We'll begin by examining the contents of the superglobal array that PHP uses to handle file uploads. The action attribute reloads the page when the form is submitted. So let's create a PHP code block above the doc type to handle a form data. We want the code in this code block to be executed only after the form has been submitted. The name of the submit button is upload.

And we're using the post method. So the condition here needs to be if isset, and we're looking for the POST superglobal array, and the name of that submit button, upload. So we can now add our code inside that conditional block. Now although the form is submitted using the post method, the file is in a separate superglobal array called files. And we can use print_r to examine the contents of the files array.

To make it easier to read, we'll format it using some HTML text, some pretext. So echo, then pre, then we can use print_r. And the file superglobal array, in common with other superglobals, starts with an underscore after the $, and then it's all in upper case, FILES. And then we need that closing pre tag. So if we save, that and run the page, and we can select the file, clicking the Choose File button, doesn't matter which file you choose.

And then submit the form using Upload File. And there are the contents of the file superglobal array displayed. Let's just zoom in a little bit so we can see it more easily. And the files superglobal array is a multi-dimensional associative array. And the first element there is filename, which was the name that we gave to file input field. And that contains another array with five elements. name, which is the name of the file. Type, which is the MIME type usually.

Tmp_name, which is the temporary name and the location of the file, when it's uploaded by PHP. And error code, in this case, it's 0, which means there's no error at all. And then the size expressed in bytes. So this is vital information for handling the uploaded file. The only thing that you can't rely on 100% is the value of type. That's what the browser reports as being the file's type. It's usually the MIME type, but not always.

But let's see what happens when you submit the form without selecting a file. So let's just click Upload File. The files array is still there, because we've got that file input field in the form called filename. But the first three elements of the sub array are empty. And the error is 4, which means that no file was selected. And quite naturally, because no file was selected, its size is 0 bytes. So clearly, it's important to check the error code before trying to process an uploaded file.

The only purpose of the form in this page is to upload a file, but you might have a form with other fields, where uploading a file is optional. So we've seen two error codes, but there are eight of them altogether. So let's examine what they are. As we've already seen, zero means the file was uploaded successfully. Error codes one and two mean the file was too big. In the case of error code one, it means it exceeds the size set down in the upload_max_ filesize directive in the PHP configuration.

On the other hand, error code two means it was bigger than the value specified in a hidden form field. We'll look at both of these later in the chapter. Error code three means the file was only partially uploaded. As we've just seen, four means no file was selected for upload. There's no error code five, but six means the server doesn't have a temporary upload folder. And seven means PHP couldn't write the file to disk. The final error code eight means that a PHP extension prevented the file from being uploaded. However, there's no way of identifying which extension was responsible. So those are the eight error codes.

Let's just return to the browser and refresh our memory about what the file's superglobal array contains. If you get error code four, that means that no file has been selected, so let's just select another file, and test that. What we get in that file's superglobal array, is the name of the file, its type, which is usually the MIME type, but is sometimes a guess by the browser. The temporary name where it's stored, the error code, and the size in bytes.

There are currently no FAQs about Uploading Files Securely with PHP.

Share a link to this course

What are exercise files?

Exercise files are the same files the author uses in the course. Save time by downloading the author's files instead of setting up your own files, and learn by following along with the instructor.

Can I take this course without the exercise files?

Yes! If you decide you would like the exercise files later, you can upgrade to a premium account any time.

Become a member Download sample files See plans and pricing

Please wait... please wait ...
Upgrade to get access to exercise files.

Exercise files video

How to use exercise files.

Learn by watching, listening, and doing, Exercise files are the same files the author uses in the course, so you can download them and follow along Premium memberships include access to all exercise files in the library.

Exercise files

Exercise files video

How to use exercise files.

For additional information on downloading and using exercise files, watch our instructional video or read the instructions in the FAQ .

This course includes free exercise files, so you can practice while you watch the course. To access all the exercise files in our library, become a Premium Member.

* Estimated file size

Are you sure you want to mark all the videos in this course as unwatched?

This will not affect your course history, your reports, or your certificates of completion for this course.

Mark all as unwatched Cancel


You have completed Uploading Files Securely with PHP.

Return to your organization's learning portal to continue training, or close this page.


Upgrade to View Courses Offline


With our new Desktop App, Annual Premium Members can download courses for Internet-free viewing.

Upgrade Now

After upgrading, download Desktop App Here.

Become a member to add this course to a playlist

Join today and get unlimited access to the entire library of video courses—and create as many playlists as you like.

Get started

Already a member ?

Exercise files

Learn by watching, listening, and doing! Exercise files are the same files the author uses in the course, so you can download them and follow along. Exercise files are available with all Premium memberships. Learn more

Get started

Already a Premium member?

Exercise files video

How to use exercise files.

Ask a question

Thanks for contacting us.
You’ll hear from our Customer Service team within 24 hours.

Please enter the text shown below:

Exercise files

Access exercise files from a button right under the course name.

Mark videos as unwatched

Remove icons showing you already watched videos if you want to start over.

Control your viewing experience

Make the video wide, narrow, full-screen, or pop the player out of the page into its own window.

Interactive transcripts

Click on text in the transcript to jump to that spot in the video. As the video plays, the relevant spot in the transcript will be highlighted.

Learn more, save more. Upgrade today!

Get our Annual Premium Membership at our best savings yet.

Upgrade to our Annual Premium Membership today and get even more value from your subscription:

“In a way, I feel like you are rooting for me. Like you are really invested in my experience, and want me to get as much out of these courses as possible this is the best place to start on your journey to learning new material.”— Nadine H.

Start your FREE 10-day trial

Begin learning software, business, and creative skills—anytime,
anywhere—with video instruction from recognized industry experts. provides
Unlimited access to over 4,000 courses—more than 100,000 video tutorials
Expert-led instruction
On-the-go learning. Watch from your computer, tablet, or mobile device. Switch back and forth as you choose.
Start Your FREE Trial Now

A trusted source for knowledge.


We provide training to more than 4 million people, and our members tell us that helps them stay ahead of software updates, pick up brand-new skills, switch careers, land promotions, and explore new hobbies. What can we help you do?

Thanks for signing up.

We’ll send you a confirmation email shortly.

Sign up and receive emails about and our online training library:

Here’s our privacy policy with more details about how we handle your information.

Keep up with news, tips, and latest courses with emails from

Sign up and receive emails about and our online training library:

Here’s our privacy policy with more details about how we handle your information.

submit Lightbox submit clicked
Terms and conditions of use

We've updated our terms and conditions (now called terms of service).Go
Review and accept our updated terms of service.