I want to upload images to my server from browser window. However, the upload field will be visible for everyone, so I need to set up some restrictions. I've only found the w3schools file upload (and as of w3fools.com I don't trust it). I want the restrictions to be:
Maximum size 2,5M
Image types jpg, jpeg, png, gif
So here's the code that w3schools provides, but it won't actually save the file anywhere? I've modified it a bit to meet my needs.
<?php
$allowedExts = array("jpg", "jpeg", "gif", "png");
$extension = end(explode(".", $_FILES["file"]["name"]));
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/jpeg"))
|| ($_FILES["file"]["type"] == "image/png"))
&& ($_FILES["file"]["size"] < 2500000)
&& in_array($extension, $allowedExts))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Stored in: " . $_FILES["file"]["tmp_name"];
}
}
else
{
echo "Invalid file";
}
?>
And as I don't want my site to be hacked, I want a secure solution, any help on this?
Edit
The code doesn't even do anything. So how should I do it?
You need to use php move_upload_file function and also I have made changes to your if statement here is the working and tested example:
<?php
if (isset($_REQUEST["submit"])) {
$allowedExts = array("jpg", "jpeg", "gif", "png");
$extension = end(explode(".", $_FILES["file"]["name"]));
if ($_FILES["file"]["type"] == "image/gif" || $_FILES["file"]["type"] == "image/jpg" || $_FILES["file"]["type"] == "image/jpeg" || $_FILES["file"]["type"] == "image/png" && $_FILES["file"]["size"] < 2500000 && in_array($extension, $allowedExts)) {
if ($_FILES["file"]["error"] > 0) {
echo "Error: " . $_FILES["file"]["error"] . "<br />";
}
else {
$fname = $_FILES["file"]["name"];
move_uploaded_file($_FILES["file"]["tmp_name"], $fname);
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Stored in: " . $fname;
}
}
else {
echo "Invalid file type";
}
}
?>
<form action="" method="post" enctype="multipart/form-data">
<input type="file" name="file" />
<input type="submit" name="submit" value="submit" />
</form>
You can also use getimagesize function as suggested by doing next thing:
$size = getimagesize("http://www.simplestudio.rs/060620121945.jpg");
$file_format = $size['mime'];
$file_format will be represented as for example "image/jpeg" so you can easily check for image types like this:
foreach($allowedExts as $allowed) {
$chk_types = strpos($file_format, $allowed);
if($chk_types > -1) {
$type_is_good = true;
break;
}
}
Use : move_uploaded_file, See, Manual
And one more thing,
the $_FILES["file"]["type"] variable is not good to use as this can be changed by the browser settings.
Use getimagesize instead, See, Manual
$ratio2) { $thumb_w=$new_w;
$thumb_h=$old_y/$ratio1; } else { $thumb_h=$new_h;
$thumb_w=$old_x/$ratio2; }
$dst_img=ImageCreateTrueColor($thumb_w,$thumb_h);
imagecopyresampled($dst_img,$src_img,0,0,0,0,$thumb_w,$thumb_h,$old_x,$old_y);
if(!strcmp("png",$ext)) imagepng($dst_img,$filename); else imagejpeg($dst_img,$filename);
imagegif($dst_img,$filename);
imagedestroy($dst_img); imagedestroy($src_img); } } if(!function_exists('getExtension')) { function
getExtension($str) {
$i = strrpos($str,".");
if (!$i) { return ""; }
$l = strlen($str) - $i;
$ext = substr($str,$i+1,$l);
return $ext; } }
$image=$_FILES["$imagename"]['name']; if($image) {
$filename = stripslashes($_FILES["$imagename"]['name']);
$extension = getExtension($filename); $extension =
strtolower($extension); if (($extension != "jpg") && ($extension
!= "jpeg") && ($extension != "png") && ($extension != "gif") &&
($extension != "bmp")) {
$obj->set_flash("Unknown extension...!"); header("Location: $filename "); exit; } else {
$size=getimagesize($_FILES["$imagename"]['tmp_name']);
$sizekb=filesize($_FILES["$imagename"]['tmp_name']);
if ($sizekb > MAX_SIZE*1024)
{
$obj->set_flash("You have exceeded the size limit...!");
header("Location: $filename");
exit;
}
$select_max = $obj->sql_query("select max($fieldname) as MaxID from ".$tablename."");
if($action=="Add") {
$Max = $select_max[0]['MaxID'];
$image_name = $Max + 1;
$new_name = $image_name.".".$extension;//the new name will be containing the full path where will be stored (images folder)
$$imagename = $new_name;//New Name of Image same as Image Field Name
$thumbfilename = $new_name;
$newname="$uploadpath/large/".$new_name;
$copied = copy($_FILES["$imagename"]['tmp_name'], $newname);
//we verify if the image has been uploaded, and print error instead
if (!$copied)
{
$obj->set_flash("Copy unsuccessfull...!");
header("Location: $filename");
exit;
}
else
{
$thumb_name="$uploadpath/thumb/".$thumbfilename;
$thumb=make_thumb($newname,$thumb_name,$WIDTH,$HEIGHT);
} } if($action=="Update") {
$new_name=$ID.".".$extension;
$$imagename = $new_name;//New Name of Image same as Image Field Name
$newname = "$uploadpath/large/".$new_name;
$thumbfilename = $new_name;
$copied = copy($_FILES["$imagename"]['tmp_name'], $newname);
if (!$copied)
{
$obj->set_flash("Copy unsuccessfull...!");
header("Location: $filename");
exit;
}
else
{
$thumb_name="$uploadpath/thumb/".$thumbfilename;
$thumb=make_thumb($newname,$thumb_name,$WIDTH,$HEIGHT);
} } } } if($action=="Delete") { $SelectImage = $obj->sql_query("select $imagename from $tablename where $fieldname
= ".$$fieldname." "); $ThisImage = $SelectImage[0]["$imagename"]; unlink("$uploadpath/thumb/".$ThisImage);
unlink("$uploadpath/large/".$ThisImage); } ?>
List item
<?php
$file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size'];
$file_tmp = $_FILES['file']['tmp_name'];
$file_type = $_FILES['file']['type'];
/* variable array for store errors */
$errors = [];
/* Check if file already exists in location file save */
$file_dir = "uploads";
/** if folder not exists, then create it **/
if (!file_exists($file_dir)) {
mkdir($file_dir, 0777, true);
}
$file_target = $file_dir . $file_name;
if (file_exists($file_target)) {
//$errors[] = "Sorry, <strong>{$file_name}</strong> already exists.";
}
/* Check file size */
if ($file_size > 2500000) {
$errors[] = "Sorry, <strong>{$file_name}</strong> is too large. It size is {$file_size} > 2500000 bytes";
}
/* Check current file formats with file secure */
$file_secure = array('jpg', 'jpeg', 'png', 'gif');
$file_current = strtolower(pathinfo($file_name, PATHINFO_EXTENSION)); /* (end(explode('.', $file_name) */
if (in_array($file_current, $file_secure) === false) {
$errors[] = "Sorry, <strong>{$file_current}</strong> extension not allowed";
}
/* Check if Errors exist, then not upload. Or if Errors NOT exist, then try upload */
if (!empty($errors)) {
/* display error */
foreach ($errors as $keyError => $valueError) {
echo "$keyError = $valueError <br />";
}
echo "<br />";
echo "<strong>{$file_name}</strong> could not uploaded. <hr />";
} else {
if (move_uploaded_file($file_tmp, $file_target)) {
echo "Upload: " . $file_name . "<br />";
echo "Type: " . $file_type . "<br />";
echo "Size: " . ($file_size / 1024) . " Kb<br />";
echo "Stored in: " . $file_tmp;
} else {
echo "Invalid file";
}
}
?>
Related
I am trying some file upload code which I Googled.
Now Issue is when I try to upload image and if its already in folder then its over write and issues come. I Try Code From here and here as well but I face some error.
Here is my code. Can I do in this code that its upload file with some extra name which stop over write of existing file??
if(isset($_REQUEST['main']))
{
$allowedExts = array("gif", "jpeg", "jpg", "png");
$temp = explode(".", $_FILES["file"]["name"]);
$extension = end($temp);
/*if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/jpg") || ($_FILES["file"]["type"] == "image/pjpeg") || ($_FILES["file"]["type"] == "image/x-png") || ($_FILES["file"]["type"] == "image/png")) && ($_FILES["file"]["size"] < 20000) && in_array($extension, $allowedExts)) {*/
if ($_FILES["file"]["error"] > 0) {
echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
} else {
if (file_exists("upload/" . $_FILES["file"]["name"])) {
echo $_FILES["file"]["name"] . " already exists. ";
} else {
if( move_uploaded_file($_FILES["file"]["tmp_name"], "../img/catalog/" . $_FILES["file"]["name"]) ){
$filepath = "img/catalog/" . $_FILES["file"]["name"];
}else{
echo $_FILES["file"]["name"]." unable to store";
}
}
/*}
} else {
echo "Invalid file";
}*/
}
$main = $_REQUEST['main'];
$sql="INSERT INTO image VALUES ('', '$filepath', '$main')";
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
}
You can check if the file exists using file_exists.
If it exist, add some extra characters to the file name. Then you can save it.
Here is a function that generates random characters :
function randomString($length) {
$str="";
$chars = "subinsblogabcdefghijklmanopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$size = strlen($chars);
for($i = 0;$i < $length;$i++) {
$str .= $chars[rand(0,$size-1)];
}
return $str;
}
Replace the code :
if( move_uploaded_file($_FILES["file"]["tmp_name"], "../img/catalog/" . $_FILES["file"]["name"]) ){
$filepath = "img/catalog/" . $_FILES["file"]["name"];
}else{
echo $_FILES["file"]["name"]." unable to store";
}
with :
$newLocation = "../img/catalog/" . $_FILES["file"]["name"];
if(file_exists($newLocation)){
$newLocation .= randomString(10); // We append 10 new characters
}
if( move_uploaded_file($_FILES["file"]["tmp_name"], $newLocation) ){
$filepath = str_replace("../img", "img", $newLocation); // make File Path starting with img/
}else{
echo $_FILES["file"]["name"]." unable to store";
}
The above code will check if the file exists. If yes, then a string of 10 random characters is appended to the file name and stored in the destination folder.
You didnt mention your problem but I think you have missed a point in your
if else
part. write it like this :
if (file_exists("upload/" . $_FILES["file"]["name"])) {
echo $_FILES["file"]["name"] . " already exists. ";
$_FILES["file"]["name"] = $_FILES["file"]["name"].$your_new_number;
}
if( move_uploaded_file($_FILES["file"]["tmp_name"], "../img/catalog/" . $_FILES["file"]["name"]) ){
$filepath = "img/catalog/" . $_FILES["file"]["name"];
}else{
echo $_FILES["file"]["name"]." unable to store";
}
}
I've created an image upload using PHP, the idea being that the image will save to a directory and the path to the the database which is pretty standard. The problem is it wont save anything over 20kb. I have increased the max upload and post max size in the php.ini file to 10M and have also set size to < 200000kb in the function but it makes no difference. Can somebody please tell me where i have been banging my head off this for days now :(
File upload function (based on example at W3Schools)
function upload_file(){
$allowedExts = array("gif", "jpeg", "jpg", "png");
$temp = explode(".", $_FILES["page_main_image"]["name"]);
$extension = end($temp);
if ((($_FILES["page_main_image"]["type"] == "image/gif")
|| ($_FILES["page_main_image"]["type"] == "image/jpeg")
|| ($_FILES["page_main_image"]["type"] == "image/jpg")
|| ($_FILES["page_main_image"]["type"] == "image/pjpeg")
|| ($_FILES["page_main_image"]["type"] == "image/x-png")
|| ($_FILES["page_main_image"]["type"] == "image/png"))
&& ($_FILES["page_main_image"]["size"] < 200000)
&& in_array($extension, $allowedExts))
{
if ($_FILES["page_main_image"]["error"] > 0) {
echo "Return Code: " . $_FILES["page_main_image"]["error"] . "<br />";;
}
else {
echo "Upload: " . $_FILES["page_main_image"]["name"] . "<br />";
echo "Type: " . $_FILES["page_main_image"]["type"] . "<br />";
echo "Size: " . ($_FILES["page_main_image"]["size"] / 1024) . " kb<br />";
if (file_exists("uploads/" . $_FILES["page_main_image"]["name"]))
{
echo $_FILES["page_main_image"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["page_main_image"]["tmp_name"],
"uploads/" . $_FILES["page_main_image"]["name"]);
echo "Stored in: " . "uploads/" . $_FILES["page_main_image"]["name"] . "<br />";
$image="{$_FILES['page_main_image']['name']}";
}
}
}
else {
echo "Invalid file";
}
return $image;
}
The form processing is as follows:
<?php
if (isset($_POST['submit'])) {
//Process the form
$image = upload_file();
$project_id = $_POST['project_id'];
//var_dump ($project_id);
$wireframe_title = mysql_prep($_POST["wireframe_title"]);
$browser_title = $_POST["browser_title"];
$url_key = $_POST["url_key"];
$wireframe_type = $_POST["wireframe_type"];
//$image = $_POST["page_main_image"];
$page_bg_color = $_POST ["page_bg_color"];
$query = "INSERT INTO wireframes (";
$query .= " project_id, wireframe_title, browser_title, url_key, wireframe_type, page_main_image, page_bg_color";
$query .= " ) VALUES (";
$query .= " '{$project_id}','{$wireframe_title}', '{$browser_title}', '{$url_key}', '{$wireframe_type}', '{$image}', '{$page_bg_color}' ";
$query .= ")";
echo $query;
try { $result = mysqli_query($connection, $query);
} catch (Exception $e) {
return 'Caught exception: '+ $e->getMessage()+ "\n";
}
//Test if there was a query error
if ($result) {
//Success
// would normally use a redirect ie redirect_to("somepage.php");
//$message = "Subject created.";
redirect_to("wireframes.php?id=$project_id");
}else {
//failure
//$message = "Subject creation failed.";
//redirect_to("add_project.php");
echo $query;
}
} else {
// This is probably a GET request
redirect_to("add_edit_wireframe.php?id= echo $_GET[$project_id]");
}
?>
The size in $_FILES is expressed in bytes. 200.000 = around 195 kilobyte.
Did you tested it without that condition in the if statement?
I have a problem with my upload code it accepts invalid files and saves the filename in the database. I don't know what part of the code is wrong.
<?php
session_start();
if (!isset($_SESSION['LOGIN_STATUS'])) {
header('location:login.php');
}
?>
<?php
$allowedExts = array(
"gif",
"jpeg",
"jpg",
"png"
);
$temp = explode(".", $_FILES["file"]["name"]);
$extension = end($temp);
if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/jpg") || ($_FILES["file"]["type"] == "image/pjpeg") || ($_FILES["file"]["type"] == "image/x-png") || ($_FILES["file"]["type"] == "image/png")) && ($_FILES["file"]["size"] < 2000000) && in_array($extension, $allowedExts)) {
if ($_FILES["file"]["error"] > 0) {
echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
} else {
echo "Upload: " . $_FILES["file"]["name"] . "<br>";
echo "Type: " . $_FILES["file"]["type"] . "<br>";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
if (file_exists("upload/" . $_FILES["file"]["name"])) {
echo $_FILES["file"]["name"] . " already exists. ";
$image = $_FILES["file"]["name"];
} else {
move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]);
echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
$image = $_FILES["file"]["name"];
}
}
} else if ($_FILES["file"]["name"] == null) {
$image = $_SESSION['IMAGE'];
} else {
echo "Invalid file";
}
?>
<?php
include("includes/dbConnect.php");
$Department = $_SESSION['DEPARTMENT'];
$lname = $_POST['lname'];
$fname = $_POST['fname'];
$mname = $_POST['mname'];
$alias = $_POST['alias'];
$place = $_POST['place'];
$address = $_POST['address'];
$gender = $_POST['gender'];
$nationality = $_POST['nationality'];
$age = $_POST['age'];
$complexion = $_POST['complexion'];
$height = $_POST['height'];
$weight = $_POST['weight'];
$build = $_POST['build'];
$haircolor = $_POST['haircolor'];
$pecularities = $_POST['pecularities'];
$other = $_POST['other'];
$clname = $_POST['clname'];
$cfname = $_POST['cfname'];
$cmname = $_POST['cmname'];
$cnumber = $_POST['cnumber'];
$caddress = $_POST['caddress'];
$relationship = $_POST['relationship'];
$description = $_POST['description'];
$lastseen = $_POST['lastseen'];
mysql_query("INSERT INTO `persons`(LastName,FirstName,MiddleName,Image,Alias,Place,Address,Gender,Nationality,Age,Complexion,Height,Weight,Build,HairColor, Pecularities, Other, CLastName, CFirstName, CMiddleName, ContactNumber, Relationship, Status, CAddress,Description,Department,lastseen) VALUES ('$lname','$fname','$mname','$image','$alias', '$place','$address','$gender','$nationality','$age','$complexion','$height','$weight','$build','$haircolor','$pecularities', '$other','$clname','$cfname','$cmname','$cnumber','$relationship','Missing','$caddress','$description','$Department','$lastseen')");
header('location:admin_search.php');
mysql_close($con);
?>
The code above verifies the user input but it also saves invalid file the file name only not the file itself. I don't know what part has the error it execute the query part but the verification for upload image accepts different file type but I have extension allowExts.
you need to put exit as the code below.
else {
echo "Invalid file";
exit;
}
I'm trying to upload a video.
My mime config:
'wmv' => array('video/wmv', 'video/x-ms-wmv', 'flv-application/octet-stream', 'application/octet-stream'),
'flv' => array('video/x-flv', 'flv-application/octet-stream', 'application/octet-stream'),
'mp4' => 'video/mp4',
'3gp' => 'video/3gpp'
My view:
<div id="upload">
<?php
echo form_open_multipart('audio');
echo form_upload('userfile');
echo form_submit('upload','Upload');
echo form_close();
?>
</div>
My controller:
function index() {
$this->load->model('Audio_model');
if ($this->input->post('upload')) {
$this->Audio_model->do_upload();
}
$this->load->view('v_audio');
}
My model:
function do_upload() {
$config = array(
'allowed_types' => 'mp4|3gp|flv|mp3',
'max_size'=>'100000',
'upload_path' => $this->gallery_path
);
$this->load->library('upload', $config);
if ($this->upload->do_upload()) {
echo "Upload success!";
} else {
echo "Upload failed!";
}
}
I can upload mp3's successfully, but not mp4, 3gp or flv, they all fail to upload.
Add mime type in the config/mimes.php
'flv' => array('video/x-flv', 'flv-application/octet-stream', 'application/octet-stream'),
'mp4' => 'video/mp4',
'3gp' => 'video/3gpp'
and in root folder make Video folder its enough.....
Check with upload path and pass the name of the to $this->upload->do_upload('userfile') and increase max_size(upload_max_filesize = 10M) in php.ini
$allowedExts = array("jpg", "jpeg", "gif", "png", "mp3", "mp4", "wma");
$extension = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION);
if ((($_FILES["file"]["type"] == "video/mp4")
|| ($_FILES["file"]["type"] == "audio/mp3")
|| ($_FILES["file"]["type"] == "audio/wma")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg"))
&& ($_FILES["file"]["size"] < 20000)
&& in_array($extension, $allowedExts))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
if (file_exists("upload/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"video/" . $_FILES["file"]["name"]);
echo "Stored in: " . "video/" . $_FILES["file"]["name"];
}
}
}
else
{
echo "Invalid file";
Im not super familiar with PHP, I have the following code which allows me to upload a file to the server. how can I make this upload multiple files, in my html I have already added the multiple property. the php code is this:
<?php
session_start();
$allowedExts = array("jpg", "jpeg", "gif", "png");
$extension = end(explode(".", $_FILES["file"]["name"]));
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/png")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000)
&& in_array($extension, $allowedExts))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
if (file_exists($_SESSION['user']."/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"][$i],
$_SESSION['user']."/" . $_FILES["file"]["name"]);
echo "Stored in: " . $_SESSION['user']."/" . $_FILES["file"]["name"];
}
}
else
{
echo "Invalid file";
}
?>
Multiple files can be selected and then uploaded using the
<input type='file' name='file[]' multiple>
The sample php script that does the uploading:
<html>
<title>Upload</title>
<?php
session_start();
$target=$_POST['directory'];
if($target[strlen($target)-1]!='/')
$target=$target.'/';
$count=0;
foreach ($_FILES['file']['name'] as $filename)
{
$temp=$target;
$tmp=$_FILES['file']['tmp_name'][$count];
$count=$count + 1;
$temp=$temp.basename($filename);
move_uploaded_file($tmp,$temp);
$temp='';
$tmp='';
}
header("location:../../views/upload.php");
?>
</html>
The selected files are received as an array with
$_FILES['file']['name'][0] storing the name of first file.
$_FILES['file']['name'][1] storing the name of second file.
and so on.
Try this
$file = $_FILES['image_file'];
for($i = 0; $i < count($file['name']); $i++){
$image = array(
'name' => $file['name'][$i],
'type' => $file['type'][$i],
'size' => $file['size'][$i],
'tmp_name' => $file['tmp_name'][$i],
'error' => $file['error'][$i]
);
// Validate, upload, and save to the DB
}
This way, you've got a file "$image" exactly as if it was just one file selected, now you need to handle that file by using your code to upload your file. So for each '$_FILES' in your code just replace '$image'