Validate Picture Upload


I want to upload a user image as part of our registration script. The following script (below0 was recommended.

Any thoughts on this script? Or recommendations for a different one?

If I use this, how do I link to display it in the registration view page (the shows the uploaded data)?


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "">
<html xmlns="" xml:lang="en" lang="en">
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<title>Upload an Image</title>
	<style type="text/css" title="text/css" media="all">
	.error {
		font-weight: bold;
		color: #C00;
<?php # Script 11.2 - upload_image.php

// Check if the form has been submitted:

	// Check for an uploaded file:
	if (isset($_FILES['upload'])) {
		// Validate the type. Should be JPEG or PNG.
		$allowed = array ('image/pjpeg', 'image/jpeg', 'image/JPG', 'image/X-PNG', 'image/PNG', 'image/png', 'image/x-png');
		if (in_array($_FILES['upload']['type'], $allowed)) {
			// Move the file over.
			if (move_uploaded_file ($_FILES['upload']['tmp_name'], "../uploads/{$_FILES['upload']['name']}")) {
				echo '<p><em>The file has been uploaded!</em></p>';
			} // End of move... IF.
		} else { // Invalid type.
			echo '<p class="error">Please upload a JPEG or PNG image.</p>';

	} // End of isset($_FILES['upload']) IF.
	// Check for an error:
	if ($_FILES['upload']['error'] > 0) {
		echo '<p class="error">The file could not be uploaded because: <strong>';
		// Print a message based upon the error.
		switch ($_FILES['upload']['error']) {
			case 1:
				print 'The file exceeds the upload_max_filesize setting in php.ini.';
			case 2:
				print 'The file exceeds the MAX_FILE_SIZE setting in the HTML form.';
			case 3:
				print 'The file was only partially uploaded.';
			case 4:
				print 'No file was uploaded.';
			case 6:
				print 'No temporary folder was available.';
			case 7:
				print 'Unable to write to the disk.';
			case 8:
				print 'File upload stopped.';
				print 'A system error occurred.';
		} // End of switch.
		print '</strong></p>';
	} // End of error IF.
	// Delete the file if it still exists:
	if (file_exists ($_FILES['upload']['tmp_name']) && is_file($_FILES['upload']['tmp_name']) ) {
		unlink ($_FILES['upload']['tmp_name']);
} // End of the submitted conditional.
<form enctype="multipart/form-data" action="upload_image.php" method="post">

	<input type="hidden" name="MAX_FILE_SIZE" value="524288" />
	<fieldset><legend>Select a JPEG or PNG image of 512KB or smaller to be uploaded:</legend>
	<p><b>File:</b> <input type="file" name="upload" /></p>
	<div align="center"><input type="submit" name="submit" value="Submit" /></div>


Do you mean how do you show the image?
If so then it is quite simple:

<img src="/url-to-the-file" />

The URL to the image is wherever it was moved to by the function move_uploaded_file (2nd parameter). You have to make sure the path starts from the root directory of the website, rather than including the full server path to the file.

Hope that helps

HI no (thx though)

Let me be more specific. The images wil be placed outisde of the web server directory (for security), so I will need a proxy script to access them.

They will not directly be accessed via <img src="">


This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.