Avatar of maximus81
maximus81Flag for United States of America

asked on 

Looking for a PHP script to upload files

What i am looking for is a script that will let me upload files. I would like to be able to include extension types and file size that i choose. My goal is I want to upload the file into a folder structure on my web server and then I have a page that will display this file.

The file name and extension will be inserted into MySQL so when I open a page it will list all the files assigned to that ID.

Avatar of undefined
Last Comment
Avatar of sweetfa2
Flag of Australia image

Here is a basic script to get you started.

You can either add an extra parameter to the script to allow you to specify a tree for your storage location or use the single location provided.

#!/usr/bin/perl -T
# A sample file upload script
# www.perlmeme.org

use strict;
use warnings;
use CGI;
use CGI::Carp qw(fatalsToBrowser);    # Remove for production use
use Mail::Sendmail;

$CGI::POST_MAX = 1024 * 1000000;  # maximum upload filesize is 100G

sub save_file($);
sub mailto($);

# Build the form

my $q = new CGI;

print $q->header;
print $q->start_html(
        -title => 'File Upload Facility',
         -style => { -src => '/upload.css' },
print $q->img({
        src => '/images/logo.png',
        alt => 'Logo',
print $q->h3('Use this form to upload a local file '),
          -name    => 'main_form');
print 'Enter a filename, or click on the browse button to choose one: ',
          -name      => 'filename',
  -size      => 40,
  -maxlength => 80);
print $q->hr;
print $q->submit(-value => 'Upload the file');
print $q->hr;
print $q->end_form;

# Look for uploads that exceed $CGI::POST_MAX

if (!$q->param('filename') && $q->cgi_error()) {
print $q->cgi_error();
print <<'EOT';
The file you are attempting to upload exceeds the maximum allowable file size.
Please refer to your system administrator
print $q->hr, $q->end_html;
exit 0;

# Upload the file

if ($q->param()) {

print $q->end_html;
exit 0;

sub mailto($) {
        my ($q) = @_;
        my $filename = $q->upload('filename');
        my %mail = ( To         => 'your name@yourdomain.com',
                                From    => 'spider@yourdomain.com',
                                Subject => 'File uploaded to your facility',
                                Message => $filename
        sendmail(%mail) or die $Mail::Sendmail::error;


sub save_file($) {

my ($q) = @_;
my ($bytesread, $buffer);
my $num_bytes = 1024;
my $totalbytes;
my $filename = $q->upload('filename');
my $untainted_filename;

if (!$filename) {
        print $q->p('You must enter a filename before you can upload it');

# Untaint $filename

if ($filename =~ /^([-\@:\/\\\w. ]+)$/) {
        $untainted_filename = $1;
} else {
        die <<"EOT";
Unsupported characters in the filename "$filename". 
Your filename may only contain alphabetic characters and numbers, 
and the characters '_', '-', '\@', '/', '\\' and '.'

if ($untainted_filename =~ m/\.\./) {
        die <<"EOT";
Your upload filename may not contain the sequence '..' 
Rename your file so that it does not include the sequence '..', and try again.

my $file = "/srv/www/upload/datadir/$untainted_filename";

print "Uploading $filename to $file<BR>";

# If running this on a non-Unix/non-Linux/non-MacOS platform, be sure to 
# set binmode on the OUTFILE filehandle, refer to 
#    perldoc -f open 
# and
#    perldoc -f binmode

open (OUTFILE, ">", "$file") or die "Couldn't open $file for writing: $!";

while ($bytesread = read($filename, $buffer, $num_bytes)) {
        $totalbytes += $bytesread;
        print OUTFILE $buffer;
die "Read failure" unless defined($bytesread);
unless (defined($totalbytes)) {
        print "<p>Error: Could not read file ${untainted_filename}, ";
        print "or the file was zero length.";
} else {
        print "<p>Done. File $filename uploaded to $file ($totalbytes bytes)";
close OUTFILE or die "Couldn't close $file: $!";


Open in new window

Avatar of Ray Paseur
Ray Paseur
Flag of United States of America image

Blurred text
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Avatar of maximus81
Flag of United States of America image



PHP is a widely-used server-side scripting language especially suited for web development, powering tens of millions of sites from Facebook to personal WordPress blogs. PHP is often paired with the MySQL relational database, but includes support for most other mainstream databases. By utilizing different Server APIs, PHP can work on many different web servers as a server-side scripting language.

Top Experts
Get a personalized solution from industry experts
Ask the experts
Read over 600 more reviews


IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo