How to Upload Files to Your Server From Your Own Website

This is a simple, functional File Transfer Protocol that allows file uploads (one-way communication)
This particular FTP being demonstrated below is restricted to protect this site
However the code shown below does not contain these restrictions
Uploads can only be done to the Uploads Folder or the Documents Folder for demonstration purposes
The file uploaded cannot be a PHP, CSS, ASP, JS, or XML file to protect the site
The file cannot be an index file to protect the site
The password of the FTP below is abc

Upload to Which Folder: //Uploads or Documents Folder

Password:

In this article, we demonstrate how you can upload files to your server from your own website.

This means you can skipping using a file transfer protocol (FTP) like filezila or an FTP of your web hosting provider and just use your website.

So literally you can just go to your website and upload files to your website's server using your own website.

Know that this can form above is only used for upload files to your website's server. It cannot retrieve files from your website. This is why it's a one-way FTP. If you want to retrieve files from your website, then you'll have to use a complete FTP like filezilla or the FTP of your web hosting company.

So how is this done?

And it's relatively simple. PHP has functionality that allows file uploading.

You create a simple file upload form using plain HTML.

You then can PHP to add the functionality to the form so that files can be uploaded to the server of your website and thus be displayed on your website.

PHP has a function called move_uploaded_file() that allows you to move a file that you uploaded to any directory on your site. If you upload this PHP upload file to the root directory of your website (the directory which contains the site's homepage), you can upload files to any directory of your site.

So it's not complicated. And this gives increased efficiency. With file upload, you no longer have to log in to your website hosting account, then your hosting space, and then the FTP provided by the web hosting company. Instead, you can just skip all of this if you need to upload a file and just do it from your website. It saves time, can be more efficient, and gets the job done. And, with an FTP like filezila, if you don't have your own computer available, you can't even use it. Filezilla must be downloaded on a computer in order to be used. If you are at work, for instance, say you have spare time, and you want to upload a file to your website, normally on work computers, you cannot download any software whatsoever. Usually the IT departments block any installation of software. The same is true for any public computers such as at libraries or schools. You are blocked from downloading any software packages unless you have administrative privileges. So if you are at a place like a library or work or school and have files on your flash drive, dropbox, or email available and would like to publish on the web, filezilla cannot be used to do so. Though it is a great FTP if you have your laptop available, it's not always accessible if you don't.

So about this file upload form we are creating, it only allows you only to upload files to your site. It doesn't allow you to get files that are already on your site. For that, you would need a complete FTP like filezilla or use your web hosting company's FTP.

However, again, if you just want to upload a file to your website, this works very well.

So for this file upload system, we have a 'Choose File' button that allows you to specify which file you want to upload. We then have a textbox that allows you to specify which directory you would like to upload the file to. Lastly, we have a password box that provides security to this form so that if anyone finds this form, that person can't just upload any file to your site.

It's almost completely necessary to add a password text box to a FTP because you want to protect your site. You have to have some security measure in place so that no one can just find your FTP on your website and upload anything that they want on it. It is very smart to add a password option. You need some security measure to protect your website. Some people may find it annoying to have to put in a password every time they upload a file to their website, but it's worth someone damaging your site. Just imagine, you create a website and you have pages uploaded to your site. Now someone comes along and uploads the same files you have, overwriting those files, and now you've lost all your pages on your website. A hacker could even upload an index file and erase your homepage. This is why security is so important. One good strong password protects heavily against this. However, if you decide that is just too annoying to have to put in a password each time that you upload a file to your site, then you can see the following code which creates an FTP that doesn't require a password at the following link: Upload Form that Requires No Password . You would have to put this FTP in some archaic name on your homepage so that it isn't easily found.

This FTP needs to get published to your root folder on your website (the home page folder). This needs to be done so that you could reach all the directories on your website. How the PHP move_uploaded_file() function works is it takes the current directory you're at and you can upload a file to that directory and further directories in that pathway. So publishing the FTP to your root directory (which contains the home page) allows you to reach any directory on your website. So this is the best way to do it.

Other than this, the FTP contains a textbox that allows you to specify which directory (or folder) you want to upload (or publish) the document to. If you keep this text box blank, it uploads the document to the root directory of your site. So if your site is www.example.com and the file you uploaded is monkey.jpg, the image file can be found at www.example.com/monkey.jpg.

If you type in images to the Upload textbox, the monkey.jpg image will be found at www.example.com/images/monkey.jpg. Also know that you can enter /images, images/, or images, and all will produce the same result. This is because the code we have running corrects either 3 of them so that they all work. So you don't have to worry about the same technical of putting in the directory. You can simply just put the name of the directory and it will work out.

One last example, if you type in Documents and you have a folder named Documents and you upload the file, bills.pdf, this will appear at www.example.com/Documents/bills.pdf.

So you pretty much get the idea of how this works.

All you have to do is copy all 3 codes found below and save it as a PHP page and publish to the root directory of your website. Before you do that, change the password to 'abc' to something much harder. Then you will be able to upload any document to any directory on your website.

So this is a very easy, simple, and highly effective way to upload files to your website.

So below we go over the code required to set up this file upload form.

HTML Code

So below we will start with the HTML code needed to create the file upload form.

<form action="" method='post' enctype="multipart/form-data"> <input type="file" name="file"/><br><br> Upload to Which Folder:<input type="text" name="where"/>//Uploads or Documents Folder<br><br> Password:<input type="password" name="password"/><br><br> <input type="submit" value="Upload"/> </form>

So the HTML shown above is very basic.

We create a form, a file upload form. We set the action equal to #upload. This allows us the form, once submitted, to jump to where we have <a name="upload><a/>. We set the method equal to POST, because it's a large amount of data and we don't want the data appended to a URL. We want the data in an actual location, which is where we're uploading the image file to. The enctype statement is unique and needed for file uploads. It must be present.

The next line creates a file upload button. We name it "file".

The next line creates a submit button. Since it's an upload button, we name it "Upload".

We then end the form.

This is all the HTML code needed. The HTML simply creates the upload form.

The PHP code shown below is what actually adds functionality to the upload form so that it actually performs an upload.

PHP Code

There are 2 PHP blocks of code to make this image upload work.

The first and the biggest block is shown below.

<?php $name= $_FILES['file']['name']; $tmp_name= $_FILES['file']['tmp_name']; $submitbutton= $_POST['submit']; $where_to_upload= $_POST['where']; $where_to_upload= str_replace(" ", "", $where_to_upload); $password1= $_POST['password']; $password2= "abc";//change this to the password you want $length= strlen($where_to_upload); $last= substr($where_to_upload, $length-1, 1); if ($last !== "/"){ $where_to_upload= "$where_to_upload" . "/"; } $first= substr($where_to_upload, 0, 1); if ($first == "/"){ $where_to_upload= str_replace("/", "", $where_to_upload); } if (isset($name)) { if (empty($name)) { echo "Please choose a file"; } else if ((!empty($name)) && ($password1 == $password2)) { if (move_uploaded_file($tmp_name, $where_to_upload . $name)) { echo "Uploaded!"; } } else { echo "The password entered is incorrect. The upload has not been done."; } } ?>

So this is obviously a big block of code. We'll explain it all now below.

The $name variable stores the name of the file being uploaded. This includes the name of the file plus its extension. So if upload a file named mortage and its of the format pdf, the $name variable stores mortgage.pdf.

The $tmp_name stores the temporary name of the file. When we first upload the file, it isn't carried over directly to the final destination, which is the folder we want it transferred to. Instead, it gets a temporary. We then have to use the function, move_uploaded_file() to transfer the file using the temporary name to its final destination folder. So, again, the variable $tmp_name is very important for uploading the file.

The $submitbutton variable stores whether the submit button has been clicked or not.

The variable $where_to_upload takes the input entered into the place where a user wants to upload the document to and stores it. Just in case there is any unnecessary, unintentional space entered in by the user, the next line erases any whitespace.

The $password1 variable takes the input that a user has entered into the password text box and stores it.

The variable $password2 is where you set the password in your code. You can set it to any password you want. Obviously, you want to choose a somewhat difficult password to figure out so that your website is more secure. You definitely want to change the password from 'abc' to something else.

The variable $length stores the length of the $name variable, which is the variable that stores the name and file extension of the file being uploaded. The reason we find out the length of the string is because we want to know how long it is, so that we know the position of the last character. The last character will be at the string length minus one. The reason we do this is because we want to know whether the last character is "/" or not. If it is not, we append "/" to the string. If it is, we leave it alone.

The variable $first represents the first character in the string. We want to see whether this character is "/" or not. If it is, we remove it. If it is not, we leave it alone.

We do this so that the pathway can be completely correct.

Now we go into the heart of the code.

We use an if statement to see if the $name variable has been set. This means that the submit button has been clicked, in other words.

If the $name variable is empty, then the user hasn't specified any file in the upload. Therefore, we output the statement, "Please choose a file".

If the $name variable isn't empty and the password entered by the user matches the password you set in the PHP code, then the file is uploaded using the temporary name to place you specified in the where to upload textbox.

Else, if the password entered is incorrect, we output the statement, "The password entered is incorrect. The file has not been uploaded."

This completes the first block of PHP code.

The second block of PHP code is shown below.

<?php if ((!empty($name)) && ($password1 == $password2)){ echo "The file you uploaded is shown below.<br><br>"; echo "<a href='$where_to_upload" ."$name'>$name</a>"; echo "<br><br>"; } ?>

So this block of PHP code is much smaller.

If the $name isn't empty and the password entered is correct, the statement output is, "The file you uploaded is shown below." The link to the file is then shown below.

The one negative, which really doesn't even really count as a negative, that can be seen about this is that every time you upload a file, you have to enter in your password. Using a FTP like filezilla or the one provided by your web hosting company, once you are logged in, you don't have to enter a password each time to login. But this is a small negative, because it's just a password and you can autosave it using your web browser, so you really don't have to enter it in each time.

So this is all that is necessary to upload files to your website using your own website.

Related Resources

How to Upload Images to a Website Using PHP

How to Upload Files to a Website Using PHP

How to Redirect to Another URL with PHP

How to Create a Search Engine Using PHP

How to Insert Images into a MySQL Database Using PHP

How to Create a Searchable Database Using MySQL and PHP