move_uploaded_file

Moves an uploaded file to a new location

Description

bool move_uploaded_file(string $from, string $to)

This function checks to ensure that the file designated by from is a valid upload file (meaning that it was uploaded via PHP's HTTP POST upload mechanism). If the file is valid, it will be moved to the filename given by to.

This sort of check is especially important if there is any chance that anything done with uploaded files could reveal their contents to the user, or even to other users on the same system.

Parameters

from

The filename of the uploaded file.

to

The destination of the moved file.

Return Values

Returns true on success.

If from is not a valid upload file, then no action will occur, and move_uploaded_file will return false.

If from is a valid upload file, but cannot be moved for some reason, no action will occur, and move_uploaded_file will return false. Additionally, a warning will be issued.

Examples

Example #1 Uploading multiple files

<?php
$uploads_dir = '/uploads';
foreach ($_FILES["pictures"]["error"] as $key => $error) {
    if ($error == UPLOAD_ERR_OK) {
        $tmp_name = $_FILES["pictures"]["tmp_name"][$key];
        // basename() may prevent filesystem traversal attacks;
        // further validation/sanitation of the filename may be appropriate
        $name = basename($_FILES["pictures"]["name"][$key]);
        move_uploaded_file($tmp_name, "$uploads_dir/$name");
    }
}
?>

Notes

Note:

move_uploaded_file is open_basedir aware. However, restrictions are placed only on the to path as to allow the moving of uploaded files in which from may conflict with such restrictions. move_uploaded_file ensures the safety of this operation by allowing only those files uploaded through PHP to be moved.

Warning

If the destination file already exists, it will be overwritten.

See Also