PHP CURL File Upload (A Simple Example)

Welcome to a quick tutorial on how to upload a file with PHP CURL. Need to do a server-to-server file transfer with PHP? Yes, it is definitely possible.

To do a file upload with PHP CURL, simply set CURL to do a POST and attach the file.

  • $cf = new CURLFile("FILE-TO-UPLOAD.EXT");
  • $ch = curl_init();
  • curl_setopt($ch, CURLOPT_URL, "HTTP://SITE.COM/");
  • curl_setopt($ch, CURLOPT_POST, true);
  • curl_setopt($ch, CURLOPT_POSTFIELDS, ["upload" => $cf]);
  • curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  • $result = curl_exec($ch);
  • curl_close($ch);

That covers the basics, but let us walk through a simple example in this guide – Read on!

ⓘ I have included a zip file with all the source code at the start of this tutorial, so you don’t have to copy-paste everything… Or if you just want to dive straight in.

 

 


DOWNLOAD & NOTES

Firstly, here is the download link to the example code as promised.

 

QUICK NOTES

If you spot a bug, feel free to comment below. I try to answer short questions too, but it is one person versus the entire world… If you need answers urgently, please check out my list of websites to get help with programming.

 

EXAMPLE CODE DOWNLOAD

Click here to download all the example source code, I have released it under the MIT license, so feel free to build on top of it or use it in your own project.

 

 

CURL FILE UPLOAD IN PHP

All right, let us now get into the example of how to upload a file using PHP CURL.

 

SERVER A) FILE UPLOAD WITH CURL

1-upload.php
<?php
// SERVER A - UPLOAD FILE VIA CURL POST
// (A) SETTINGS
$url = "http://localhost/2-receive.php"; // where to upload file to
$file = __DIR__ . DIRECTORY_SEPARATOR . "README.txt"; // file to upload
$upname = "uploaded.txt"; // file name to be uploaded as

// (B) NEW CURL FILE
$cf = new CURLFile($file, mime_content_type($file), $upname);

// (C) CURL INIT
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, [
  "upload" => $cf, // attach file upload
  "KEY" => "VALUE" // optional - append more post data
]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

// (D) CURL RUN
// (D1) GO!
$result = curl_exec($ch);

// (D2) CURL ERROR
if (curl_errno($ch)) {
  echo "CURL ERROR - " . curl_error($ch);
}

// (D3) CURL OK - DO YOUR "POST UPLOAD" HERE
else {
  // $info = curl_getinfo($ch);
  // print_r($info);
  echo $result;
}

// (D4) DONE
curl_close($ch);

This is pretty much a fancy version of the snippet in the introduction.

  1. First, we start by defining some settings. Where to upload the file, which file to upload, and what file name to upload as.
  2. Create a new CURL file object.
  3. Initiate the CURL request, and attach the CURL file object.
  4. Run the CURL file upload, and deal with the “upload ok/failed”.

 

 

SERVER B) HANDLE THE FILE UPLOAD

2-receive.php
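<?php
// SERVER B - RECEIVE FILE UPLOAD
echo "SERVER B FILE UPLOAD - ";
// (A) CHECK THAT A FILE WAS UPLOADED WITHOUT ERRORS
$up = $_FILES["upload"] ?? null;
if (!is_array($up) || $up["error"] !== UPLOAD_ERR_OK) { exit("ERROR"); }
// (B) FILE NAME IS CLIENT-SUPPLIED - KEEP ONLY THE BASE NAME, THEN MOVE THE FILE
echo move_uploaded_file($up["tmp_name"], basename($up["name"]))
? "OK" : "ERROR" ;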

Yep, if you need to deal with the upload on the other server – Just deal with it as a “normal file upload”.

 

EXTRA BITS & LINKS

That’s all for the main tutorial, and here is a small section on some extras and links that may be useful to you.

 

EXTRA) UPLOAD SECURITY

Take note that 2-receive.php is open to the public; anyone can upload anything, and the file is saved under the name the sender chose. There are many ways to restrict the upload, and I am just going to list a few possibilities:

  • Just keep both 1-upload.php and 2-receive.php within a local intranet.
  • Protect 2-receive.php with basic HTTP AUTH. Yes, CURL can include HTTP authorization headers – Too long to explain, do research on your own.
  • If “Server A” has a fixed IP address, do an IP check on “Server B” – if ($_SERVER["REMOTE_ADDR"]=="ALLOWED ADDRESS") { PROCEED UPLOAD }
  • If both servers have access to a shared database:
    • Server A creates an upload token in the database that is valid for 5~10 minutes.
    • Server A uploads the file along with the token.
    • Server B validates the token against the database before allowing the upload.
    • In short – A simple CSRF protection token.
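
One way to combine the IP check and basic HTTP AUTH options above on Server B, as an added example that is not part of the tutorial's download. The address, user name, password, uploads folder and allowed extensions are assumed values; the extension allowlist and the random file name are extra precautions that the list above does not mention.

```php
<?php
// ADDED EXAMPLE - HARDENED VARIANT OF 2-receive.php (NOT THE TUTORIAL'S OWN CODE)
// (A) SETTINGS - ALL VALUES ARE ASSUMED, CHANGE THEM TO YOUR OWN
const ALLOWED_IP = "192.0.2.10"; // constructed - fixed address of "Server A"
const AUTH_USER = "uploader"; // assumed user name
const AUTH_PASS = "CHANGE-ME"; // assumed shared password
const UPLOAD_DIR = __DIR__ . DIRECTORY_SEPARATOR . "uploads"; // must exist, better outside the web root
const ALLOWED_EXT = ["txt", "csv", "pdf"]; // assumed allowlist

// (B) IP CHECK + BASIC HTTP AUTH
function is_authorized (array $server) : bool {
  if (($server["REMOTE_ADDR"] ?? "") !== ALLOWED_IP) { return false; }
  return hash_equals(AUTH_USER, $server["PHP_AUTH_USER"] ?? "") && hash_equals(AUTH_PASS, $server["PHP_AUTH_PW"] ?? "");
}

// (C) SERVER-CHOSEN FILE NAME - ONLY THE EXTENSION IS TAKEN FROM THE CLIENT, AND ONLY IF ALLOWED
function safe_name (string $clientName) : ?string {
  $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
  if (!in_array($ext, ALLOWED_EXT, true)) { return null; }
  return bin2hex(random_bytes(8)) . "." . $ext;
}

// (D) HANDLE ONE REQUEST - RETURNS [HTTP STATUS, MESSAGE]
function handle (array $server, array $files) : array {
  if (!is_authorized($server)) { return [401, "DENIED"]; }
  $up = $files["upload"] ?? null;
  if (!is_array($up) || $up["error"] !== UPLOAD_ERR_OK) { return [400, "NO FILE"]; }
  $name = safe_name($up["name"]);
  if ($name === null) { return [415, "FILE TYPE NOT ALLOWED"]; }
  $ok = move_uploaded_file($up["tmp_name"], UPLOAD_DIR . DIRECTORY_SEPARATOR . $name);
  return $ok ? [200, "OK - " . $name] : [500, "ERROR"];
}

// (E) RUN
if (PHP_SAPI === "cli") {
  // constructed requests, so the checks can be tried from the command line
  $good = ["REMOTE_ADDR" => ALLOWED_IP, "PHP_AUTH_USER" => AUTH_USER, "PHP_AUTH_PW" => AUTH_PASS];
  $evil = ["name" => "shell.php", "error" => UPLOAD_ERR_OK, "tmp_name" => "/tmp/constructed"];
  print_r(handle(["REMOTE_ADDR" => "203.0.113.5"], [])); // request from another address
  print_r(handle($good, ["upload" => $evil])); // authorized request carrying a .php file
} else {
  [$code, $msg] = handle($_SERVER, $_FILES);
  http_response_code($code);
  echo "SERVER B FILE UPLOAD - " . $msg;
}
```

On Server A, add curl_setopt($ch, CURLOPT_USERPWD, "uploader:CHANGE-ME"); to 1-upload.php so that CURL sends the matching credentials. Use an https:// URL for $url, because basic HTTP AUTH sends the password with every request.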

 

 


THE END

Thank you for reading, and we have come to the end. I hope that it has helped you to better understand, and if you want to share anything with this guide, please feel free to comment below. Good luck and happy coding!

3 thoughts on “PHP CURL File Upload (A Simple Example)”

    1. If you mean “verify POST variables”, simply do print_r($_POST) on server B.
      If you mean “user upload authentication”, see “UPLOAD SECURITY” above.
