move_uploaded_file
Moves an uploaded file to a new location
Description
bool move_uploaded_file(string $from
, string $to
)
This sort of check is especially important if there is any chance
that anything done with uploaded files could reveal their
contents to the user, or even to other users on the same
system.
Parameters
-
from
-
The filename of the uploaded file.
-
to
-
The destination of the moved file.
Return Values
Returns true
on success.
If from
is not a valid upload file,
then no action will occur, and
move_uploaded_file will return
false
.
If from
is a valid upload file, but
cannot be moved for some reason, no action will occur, and
move_uploaded_file will return
false
. Additionally, a warning will be issued.
Examples
Example #1 Uploading multiple files
<?php
$uploads_dir = '/uploads';
foreach ($_FILES["pictures"]["error"] as $key => $error) {
if ($error == UPLOAD_ERR_OK) {
$tmp_name = $_FILES["pictures"]["tmp_name"][$key];
// basename() may prevent filesystem traversal attacks;
// further validation/sanitation of the filename may be appropriate
$name = basename($_FILES["pictures"]["name"][$key]);
move_uploaded_file($tmp_name, "$uploads_dir/$name");
}
}
?>
Notes
Note:
move_uploaded_file is
open_basedir
aware. However, restrictions are placed only on the
to
path as to allow the moving
of uploaded files in which from
may conflict
with such restrictions. move_uploaded_file ensures
the safety of this operation by allowing only those files uploaded
through PHP to be moved.
Warning
If the destination file already exists, it will be overwritten.