media_handle_upload( string $file_id, int $post_id, array $post_data = array(), array $overrides = array(‘test_form’ => false) ): int|WP_Error

Saves a file submitted from a POST request and create an attachment post for it.

Parameters

$file_idstringrequired
Index of the $_FILES array that the file was sent.
$post_idintrequired
The post ID of a post to attach the media item to. Required, but can be set to 0, creating a media item that has no relationship to a post.
$post_dataarrayoptional
Overwrite some of the attachment.

Default:array()

$overridesarrayoptional
Override the wp_handle_upload() behavior.
More Arguments from wp_handle_upload( … $overrides )An array of override parameters for this file, or boolean false if none are provided.
  • upload_error_handler callable
    Function to call when there is an error during the upload process.
    See wp_handle_upload_error().
  • unique_filename_callback callable
    Function to call when determining a unique file name for the file.
    See wp_unique_filename().
  • upload_error_strings string[]
    The strings that describe the error indicated in $_FILES[{form field}]['error'].
  • test_form bool
    Whether to test that the $_POST['action'] parameter is as expected.
  • test_size bool
    Whether to test that the file size is greater than zero bytes.
  • test_type bool
    Whether to test that the mime type of the file is as expected.
  • mimes string[]
    Array of allowed mime types keyed by their file extension regex.

Default:array('test_form' => false)

Return

int|WP_Error ID of the attachment or a WP_Error object on failure.

Source

function media_handle_upload( $file_id, $post_id, $post_data = array(), $overrides = array( 'test_form' => false ) ) {
	$time = current_time( 'mysql' );
	$post = get_post( $post_id );

	if ( $post ) {
		// The post date doesn't usually matter for pages, so don't backdate this upload.
		if ( 'page' !== $post->post_type && substr( $post->post_date, 0, 4 ) > 0 ) {
			$time = $post->post_date;
		}
	}

	$file = wp_handle_upload( $_FILES[ $file_id ], $overrides, $time );

	if ( isset( $file['error'] ) ) {
		return new WP_Error( 'upload_error', $file['error'] );
	}

	$name = $_FILES[ $file_id ]['name'];
	$ext  = pathinfo( $name, PATHINFO_EXTENSION );
	$name = wp_basename( $name, ".$ext" );

	$url     = $file['url'];
	$type    = $file['type'];
	$file    = $file['file'];
	$title   = sanitize_text_field( $name );
	$content = '';
	$excerpt = '';

	if ( preg_match( '#^audio#', $type ) ) {
		$meta = wp_read_audio_metadata( $file );

		if ( ! empty( $meta['title'] ) ) {
			$title = $meta['title'];
		}

		if ( ! empty( $title ) ) {

			if ( ! empty( $meta['album'] ) && ! empty( $meta['artist'] ) ) {
				/* translators: 1: Audio track title, 2: Album title, 3: Artist name. */
				$content .= sprintf( __( '"%1$s" from %2$s by %3$s.' ), $title, $meta['album'], $meta['artist'] );
			} elseif ( ! empty( $meta['album'] ) ) {
				/* translators: 1: Audio track title, 2: Album title. */
				$content .= sprintf( __( '"%1$s" from %2$s.' ), $title, $meta['album'] );
			} elseif ( ! empty( $meta['artist'] ) ) {
				/* translators: 1: Audio track title, 2: Artist name. */
				$content .= sprintf( __( '"%1$s" by %2$s.' ), $title, $meta['artist'] );
			} else {
				/* translators: %s: Audio track title. */
				$content .= sprintf( __( '"%s".' ), $title );
			}
		} elseif ( ! empty( $meta['album'] ) ) {

			if ( ! empty( $meta['artist'] ) ) {
				/* translators: 1: Audio album title, 2: Artist name. */
				$content .= sprintf( __( '%1$s by %2$s.' ), $meta['album'], $meta['artist'] );
			} else {
				$content .= $meta['album'] . '.';
			}
		} elseif ( ! empty( $meta['artist'] ) ) {

			$content .= $meta['artist'] . '.';

		}

		if ( ! empty( $meta['year'] ) ) {
			/* translators: Audio file track information. %d: Year of audio track release. */
			$content .= ' ' . sprintf( __( 'Released: %d.' ), $meta['year'] );
		}

		if ( ! empty( $meta['track_number'] ) ) {
			$track_number = explode( '/', $meta['track_number'] );

			if ( is_numeric( $track_number[0] ) ) {
				if ( isset( $track_number[1] ) && is_numeric( $track_number[1] ) ) {
					$content .= ' ' . sprintf(
						/* translators: Audio file track information. 1: Audio track number, 2: Total audio tracks. */
						__( 'Track %1$s of %2$s.' ),
						number_format_i18n( $track_number[0] ),
						number_format_i18n( $track_number[1] )
					);
				} else {
					$content .= ' ' . sprintf(
						/* translators: Audio file track information. %s: Audio track number. */
						__( 'Track %s.' ),
						number_format_i18n( $track_number[0] )
					);
				}
			}
		}

		if ( ! empty( $meta['genre'] ) ) {
			/* translators: Audio file genre information. %s: Audio genre name. */
			$content .= ' ' . sprintf( __( 'Genre: %s.' ), $meta['genre'] );
		}

		// Use image exif/iptc data for title and caption defaults if possible.
	} elseif ( str_starts_with( $type, 'image/' ) ) {
		$image_meta = wp_read_image_metadata( $file );

		if ( $image_meta ) {
			if ( trim( $image_meta['title'] ) && ! is_numeric( sanitize_title( $image_meta['title'] ) ) ) {
				$title = $image_meta['title'];
			}

			if ( trim( $image_meta['caption'] ) ) {
				$excerpt = $image_meta['caption'];
			}
		}
	}

	// Construct the attachment array.
	$attachment = array_merge(
		array(
			'post_mime_type' => $type,
			'guid'           => $url,
			'post_parent'    => $post_id,
			'post_title'     => $title,
			'post_content'   => $content,
			'post_excerpt'   => $excerpt,
		),
		$post_data
	);

	// This should never be set as it would then overwrite an existing attachment.
	unset( $attachment['ID'] );

	// Save the data.
	$attachment_id = wp_insert_attachment( $attachment, $file, $post_id, true );

	if ( ! is_wp_error( $attachment_id ) ) {
		/*
		 * Set a custom header with the attachment_id.
		 * Used by the browser/client to resume creating image sub-sizes after a PHP fatal error.
		 */
		if ( ! headers_sent() ) {
			header( 'X-WP-Upload-Attachment-ID: ' . $attachment_id );
		}

		/*
		 * The image sub-sizes are created during wp_generate_attachment_metadata().
		 * This is generally slow and may cause timeouts or out of memory errors.
		 */
		wp_update_attachment_metadata( $attachment_id, wp_generate_attachment_metadata( $attachment_id, $file ) );
	}

	return $attachment_id;
}

Changelog

VersionDescription
2.5.0Introduced.

User Contributed Notes

  1. Skip to note 3 content

    Upload an attachment from a form on the front end of the site.

    The upload form might look like this:

    <form id="featured_upload" method="post" action="#" enctype="multipart/form-data">
    	<input type="file" name="my_image_upload" id="my_image_upload"  multiple="false" />
    	<input type="hidden" name="post_id" id="post_id" value="55" />
    	<?php wp_nonce_field( 'my_image_upload', 'my_image_upload_nonce' ); ?>
    	<input id="submit_my_image_upload" name="submit_my_image_upload" type="submit" value="Upload" />
    </form>

    The code to save the attachment:

    <?php
    
    // Check that the nonce is valid, and the user can edit this post.
    if ( 
    	isset( $_POST['my_image_upload_nonce'], $_POST['post_id'] ) 
    	&& wp_verify_nonce( $_POST['my_image_upload_nonce'], 'my_image_upload' )
    	&& current_user_can( 'edit_post', $_POST['post_id'] )
    ) {
    	// The nonce was valid and the user has the capabilities, it is safe to continue.
    
    	// These files need to be included as dependencies when on the front end.
    	require_once( ABSPATH . 'wp-admin/includes/image.php' );
    	require_once( ABSPATH . 'wp-admin/includes/file.php' );
    	require_once( ABSPATH . 'wp-admin/includes/media.php' );
    	
    	// Let WordPress handle the upload.
    	// Remember, 'my_image_upload' is the name of our file input in our form above.
    	$attachment_id = media_handle_upload( 'my_image_upload', $_POST['post_id'] );
    	
    	if ( is_wp_error( $attachment_id ) ) {
    		// There was an error uploading the image.
    	} else {
    		// The image was uploaded successfully!
    	}
    
    } else {
    
    	// The security check failed, maybe show the user an error.
    }

You must log in before being able to contribute a note or feedback.