Advertisement
Google Ad Slot: content-top
Zend File Upload
What is File Upload?
File Upload in Zend allows users to upload files (e.g., images, videos, documents) from a form to the server. Zend provides native support via $_FILES handling and offers additional tools like Input Filters and Validators.
Why Use File Upload?
Feature |
Benefit |
|---|---|
Upload Media |
Let users upload images, videos, documents |
Server-side Validation |
Ensure only safe, allowed file types are uploaded |
File Previews |
Show preview of images/videos after upload |
Save in Public Directory |
Easily access and use uploaded files in your app |
Basic File Upload Structure
1. Add Route in module.config.php (module/Application/config/module.config.php)
'upload' => [ 'type' => 'Literal', 'options' => [ 'route' => '/upload', 'defaults' => [ 'controller' => \Application\Controller\UploadController::class, 'action' => 'index', ], ], ],
2. Create Controller (module\Application\src\Controller\UploadController.php)
namespace Application\Controller;
use Laminas\Mvc\Controller\AbstractActionController;
use Laminas\View\Model\ViewModel;
class UploadController extends AbstractActionController
{
public function indexAction()
{
$request = $this->getRequest();
$fileUrl = null;
$mimeType = null;
if ($request->isPost()) {
$files = $request->getFiles();
$file = $files['file'] ?? null;
if ($file && $file['error'] === UPLOAD_ERR_OK) {
$mimeType = mime_content_type($file['tmp_name']);
$allowedTypes = ['image/jpeg', 'image/png', 'image/gif', 'video/mp4', 'video/avi', 'video/mov'];
if (!in_array($mimeType, $allowedTypes)) {
return new ViewModel(['error' => 'Invalid file type']);
}
$uploadDir = 'public/uploads';
if (!is_dir($uploadDir)) {
mkdir($uploadDir, 0777, true);
}
$filename = time() . '_' . basename($file['name']);
$targetPath = $uploadDir . '/' . $filename;
move_uploaded_file($file['tmp_name'], $targetPath);
$fileUrl = '/uploads/' . $filename;
} else {
return new ViewModel(['error' => 'Upload error']);
}
}
return new ViewModel([
'fileUrl' => $fileUrl,
'mime' => $mimeType,
'error' => $request->getPost('error', null)
]);
}
}
3. View Template (module\Application\view\application\main\home.phtml)
<h2>📤 File Upload (Image / Video)</h2> <?php if (!empty($this->error)): ?> <div style="color: red;">❌ <?= $this->error ?></div> <?php endif; ?> <form method="POST" enctype="multipart/form-data"> <label>Select File (image/video):</label><br> <input type="file" name="file" accept="image/*,video/*" required><br><br> <button type="submit">Upload</button> </form> <?php if (!empty($this->fileUrl)): ?> <h3>✅ Preview:</h3> <?php if (strpos($this->mime, 'image/') === 0): ?> <img src="<?= $this->fileUrl ?>" alt="Uploaded Image" style="max-width: 300px;"> <?php elseif (strpos($this->mime, 'video/') === 0): ?> <video controls style="max-width: 300px;"> <source src="<?= $this->fileUrl ?>" type="<?= $this->mime ?>"> Your browser does not support the video tag. </video> <?php endif; ?> <?php endif; ?>
Form Requirement
Element |
Required |
|---|---|
enctype="multipart/form-data" |
Needed to allow file uploads |
POST method |
Must use POST method |
Security Tip
Check |
Purpose |
|---|---|
mime_content_type() |
Ensure file is really an image/video |
basename() |
Avoid directory traversal |
Rename uploaded file |
Prevent file name conflicts |
CSRF token (optional) |
Prevent Cross-Site Request Forgery |