Image Upload

The following sections describe how to handle image uploads on your server using PHP as a server-side language. For information on the upload workflow refer to the image upload documentation.


Setting up the index page.

  1. On the head section include the Editor style.

  2. <!DOCTYPE html>
        <meta charset="utf-8">
        <link href="" rel="stylesheet" type="text/css" />
  3. On the body section include the Editor JS files and define the area for the editor.

  4.     <body>  
        <script type="text/javascript" src=""></script>
        <div class="sample">
        <h2>image upload example.</h2>
        <textarea id="edit" name="content"></textarea>
  5. Initialize the editor and set the image upload URL

  6.     <script>
        new FroalaEditor('#edit', {
        // Set the image upload URL.
        imageUploadURL: '/UploadFiles',
        imageUploadParams: {
        id: 'my_editor'

The full code should look like this:

<!DOCTYPE html>
    <meta charset="utf-8">
    <link href="" rel="stylesheet" type="text/css" />
    <script type="text/javascript" src=""></script>
    <div class="sample">
    <h2>Image upload example.</h2>
    <textarea id="edit" name="content"></textarea>
    new FroalaEditor('#edit', {
    imageUploadURL: '/UploadFiles',
    fileUploadParams: {
    id: 'my_editor'


upload_image.php handles the upload part. It has basic image format validations that can be easily extended.

The uploads directory must be set to a valid location before making uploads. The path can be any folder that is accessible and writable.

If the uploaded image passes the validation step, the server responds with a JSON object containing a link to the uploaded file.

e.g.: {"link":"http://server_address/uploads/name_of_file"}.

  try {
  // File Route.
  $fileRoute = "/uploads/";
  $fieldname = "file";
  // Get filename.
  $filename = explode(".", $_FILES[$fieldname]["name"]);
  // Validate uploaded files.
  // Do not use $_FILES["file"]["type"] as it can be easily forged.
  $finfo = finfo_open(FILEINFO_MIME_TYPE);
  // Get temp file name.
  $tmpName = $_FILES[$fieldname]["tmp_name"];
  // Get mime type.
  $mimeType = finfo_file($finfo, $tmpName);
  // Get extension. You must include fileinfo PHP extension.
  $extension = end($filename);
  // Allowed extensions.
  $allowedExts = array("gif", "jpeg", "jpg", "png", "svg", "blob");
  // Allowed mime types.
  $allowedMimeTypes = array("image/gif", "image/jpeg", "image/pjpeg", "image/x-png", "image/png", "image/svg+xml");
  // Validate image.
  if (!in_array(strtolower($mimeType), $allowedMimeTypes) || !in_array(strtolower($extension), $allowedExts)) {
  throw new \Exception("File does not meet the validation.");
  // Generate new random name.
  $name = sha1(microtime()) . "." . $extension;
  $fullNamePath = dirname(__FILE__) . $fileRoute . $name;
  // Check server protocol and load resources accordingly.
  if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] != "off") {
  $protocol = "https://";
  } else {
  $protocol = "http://";
  // Save file in the uploads folder.
  move_uploaded_file($tmpName, $fullNamePath);
  // Generate response.
  $response = new \StdClass;
  $response->link = $protocol.$_SERVER["HTTP_HOST"].dirname($_SERVER["PHP_SELF"]).$fileRoute . $name;
  // Send response.
  echo stripslashes(json_encode($response));
  } catch (Exception $e) {
  // Send error response.
  echo $e->getMessage();

