PHP CURL File Upload (A Simple Example)

Welcome to a quick tutorial on how to upload a file with PHP CURL. Need to do a server-to-server file transfer with PHP? Yes, it is definitely possible.

To do a file upload with PHP CURL, simply set CURL to do a POST and attach the file.

  • $cf = new CURLFile("FILE-TO-UPLOAD.EXT");
  • $ch = curl_init();
  • curl_setopt($ch, CURLOPT_URL, "HTTP://SITE.COM/");
  • curl_setopt($ch, CURLOPT_POST, true);
  • curl_setopt($ch, CURLOPT_POSTFIELDS, ["upload" => $cf]);
  • curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  • $result = curl_exec($ch);
  • curl_close($ch);

That covers the basics, but let us walk through a simple example in this guide – Read on!

 

 

TABLE OF CONTENTS

 

DOWNLOAD & NOTES

Here is the download link to the example code, so you don’t have to copy-paste everything.

 

EXAMPLE CODE DOWNLOAD

Source code on GitHub Gist

Just click on “download zip” or do a git clone. I have released it under the MIT license, so feel free to build on top of it or use it in your own project.

 

SORRY FOR THE ADS...

But someone has to pay the bills, and sponsors are paying for it. I insist on not turning Code Boxx into a "paid scripts" business, and I don't "block people with Adblock". Every little bit of support helps.

Buy Me A Coffee Code Boxx eBooks

 

 

CURL FILE UPLOAD IN PHP

All right, let us now get into the example of how to upload a file using PHP CURL.

 

SERVER A) FILE UPLOAD WITH CURL

1-upload.php
<?php
// SERVER A - UPLOAD FILE VIA CURL POST
// (A) SETTINGS
$url = "http://localhost/2-receive.php"; // where to upload file to
$file = __DIR__ . DIRECTORY_SEPARATOR . "README.txt"; // file to upload
$upname = "uploaded.txt"; // file name to be uploaded as

// (B) NEW CURL FILE
$cf = new CURLFile($file, mime_content_type($file), $upname);

// (C) CURL INIT
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, [
  "upload" => $cf, // attach file upload
  "KEY" => "VALUE" // optional - append more post data
]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

// (D) CURL RUN
// (D1) GO!
$result = curl_exec($ch);

// (D2) CURL ERROR
if (curl_errno($ch)) {
  echo "CURL ERROR - " . curl_error($ch);
}

// (D3) CURL OK - DO YOUR "POST UPLOAD" HERE
else {
  // $info = curl_getinfo($ch);
  // print_r($info);
  echo $result;
}

// (D4) DONE
curl_close($ch);

This is pretty much a fancy version of the snippet in the introduction.

  1. First, we start by defining some settings. Where to upload the file, which file to upload, and what file name to upload as.
  2. Create a new CURL file object.
  3. Initiate the CURL request, and attach the CURL file object.
  4. Run the CURL file upload, and deal with the “upload ok/failed”.

 

 

SERVER B) HANDLE THE FILE UPLOAD

2-receive.php
<?php
// SERVER B - RECEIVE FILE UPLOAD
echo "SERVER B FILE UPLOAD - ";
echo move_uploaded_file($_FILES["upload"]["tmp_name"], $_FILES["upload"]["name"])
? "OK" : "ERROR" ;

Yep, if you need to deal with the upload on the other server – Just deal with it as a “normal file upload”.

 

EXTRAS

That’s all for the main tutorial, and here is a small section on some extras and links that may be useful to you.

 

EXTRA) UPLOAD SECURITY

Take note that 2-server.php is open to the public, anyone can upload anything. There are many ways to restrict the upload, I am just going to list a few possibilities:

  • Just keep both 1-upload.php and 2-receive.php within a local intranet.
  • Protect 2-receive.php with basic HTTP AUTH. Yes, CURL can include HTTP authorization headers – Too long to explain, do research on your own.
  • If “Server A” has a fixed IP address, do an IP check on “Server B” – if ($_SERVER["REMOTE_ADDR"]=="ALLOWED ADDRESS") { PROCEED UPLOAD }
  • If both servers have access to a shared database:
    • Server A creates an upload token in the database that is valid for 5~10 minutes.
    • Server A uploads the file along with the token.
    • Server B validates the token against the database before allowing the upload.
    • In short – A simple CSRF protection token.

 

 

LINKS & REFERENCES

 

THE END

Thank you for reading, and we have come to the end. I hope that it has helped you to better understand, and if you want to share anything with this guide, please feel free to comment below. Good luck and happy coding!

3 thoughts on “PHP CURL File Upload (A Simple Example)”

    1. If you mean “verify POST variables”, simply do print_r($_POST) on server B.
      If you mean “user upload authentication”, see “UPLOAD SECURITY” above.

Comments are closed.