←    Back

Create File Upload Class in PHP

The basic process of providing a HTML form for uploading user submitted files to the server with PHP is fairly easy and simple. But there are some security implications that many of us are unaware of. We will be building a custom PHP class for secure file upload. This class will check the type and size of the file and rename the file in case of duplication.

Those who are absolutely beginner in handling file upload, are requested to take a look at Enhance File Upload Security with PHP. That article will help you to better understand file uploading from scratch.

The Class

We will start our Upload class with a blank constructor

Now we will add some properties to our class to store some data.

The $config property holds the configurations like target directory, size limit etc. $current refers to the current key of $_FILES array. $errors contains the errors encountered during process. $new_name stores the name of the uploaded file to be set.

Public Methods

Now we are going to define some public methods to set up some configuration settings.

But first, we need to implement a method for handling errors.

This method will store error messages in the $errors. This method will work as both a getter and setter.


Of course you want to prevent the users from uploading specified types of files. Here is the method for allowing or disallowing file types.

The allowed extensions will be stored in $config['allowed_extensions'] and the disallowed extensions in $config['disallowed_extensions']. You can either specify allowed file types or disallowed file types.

Target Directory

Now its time to specify where our uploaded images will live. We should add a method to setup this setting.

Max Size

Obviously we want to limit the size of the files to be uploaded. But our specified limit cannot be greater than that specified in PHP config.

This will check the size limit from PHP configuration. If the specified limit is larger, it will automatically set the size from PHP config. For this method to work properly, we need to implement a helper method.


We need provide a way to specify whether we want to overwrite files or not.

Methods for the Magic

The methods mentioned till now are going to be used to set the configuration settings. For the actual file uploading process, we need to add a few more internal methods to check the settings or generate a new name for the file or upload the file etc.

Adding power to the Constructor

While we are able set configuration settings by calling respective methods, it will be more comprehensive if we can provide an option to set the configuration in the constructor.


To use this class, lets have a form first.

Add following lines of code at the top of the document.

The Author

Other Articles

  • How to use Zaq: Codeigniter Template Parser Engine

    Zaq is a PHP based template parser engine developed to work with Codeigniter. This library has been developed for developers to integrate php codes in views easily. Using this library will also allow the view file to be more readable. View files in Codeigniter (or in any other framework following MVC) always contains both html and php codes which make them a bit harder to read. This problem can be eradicated by using a parser engine which makes the view files a lot more easier to work with.

  • Category Pagination in Jekyll

    This site is built on Jekyll – a blog aware static site generator. When I was building this, I wanted to separate my blog from my portfolio. Of course I would be using custom post type for my portfolio if I was developing on Wordpress. Here I thought to stay straight and simple and I just created two site categories: portfolio and blog and I am using custom permalink which makes it difficult to use the default pagination setup. And I also want to paginate only the blog category.

  • 15 Best Bootstrap Alternatives for Web Developers

    Choosing the right framework that is the perfect fit for your projects could be a little bit overwhelming – there are a lot to choose from. Perhaps, you want to go with popular choices like Bootstrap or Foundation, but if your website is going to be a fairly simple one, you won’t be needing most of the building blocks and materials included in the default package. The good news is that there are a handful of alternatives that are much leaner than Bootstrap or Foundation. Most of these frameworks ship with just the right amount of styles and components to help you get started, while allowing you to be able to extend them in the direction you want for your project.

  • 8 Icon Fonts to speed up Website Design Process

    Icon Fonts are nothing but fonts. But, instead of containing letters or numbers, they contain symbols and shapes. You can style them with CSS in the same way you style regular text. They’re ideal for small, frequently used shapes such as email, envelopes, telephones, widget controls and social media logos. Here is a list of most popular and easy-to-use icon font sets.

  • Download ZIP File Dynamically with PHP

    Here we will see how we can make a webpage act as an initializer to download a zip file. We will just provide the location of the file and PHP will download it to the user. In the back-end, the HTTP headers are responsible for the download. We will set the headers with PHP.

  • How to Add Scalable Vector Graphics (SVG) to Web Page

    Scalable Vector Graphics (SVG) is an XML-based vector image format for two-dimensional graphics with support for interactivity and animation. If you want to embed your hand-crafted SVG in your web page, you can use any of the methods discussed here.