(PHP 4 >= 4.0.3, PHP 5, PHP 7)
move_uploaded_file — Moves an uploaded file to a new location
$filename
, string $destination
)
This function checks to ensure that the file designated by
filename
is a valid upload file (meaning
that it was uploaded via PHP's HTTP POST upload mechanism). If
the file is valid, it will be moved to the filename given by
destination
.
This sort of check is especially important if there is any chance that anything done with uploaded files could reveal their contents to the user, or even to other users on the same system.
filename
The filename of the uploaded file.
destination
The destination of the moved file.
Returns TRUE
on success.
If filename
is not a valid upload file,
then no action will occur, and
move_uploaded_file() will return
FALSE
.
If filename
is a valid upload file, but
cannot be moved for some reason, no action will occur, and
move_uploaded_file() will return
FALSE
. Additionally, a warning will be issued.
Example #1 Uploading multiple files
<?php
$uploads_dir = '/uploads';
foreach ($_FILES["pictures"]["error"] as $key => $error) {
if ($error == UPLOAD_ERR_OK) {
$tmp_name = $_FILES["pictures"]["tmp_name"][$key];
// basename() may prevent filesystem traversal attacks;
// further validation/sanitation of the filename may be appropriate
$name = basename($_FILES["pictures"]["name"][$key]);
move_uploaded_file($tmp_name, "$uploads_dir/$name");
}
}
?>
Note:
move_uploaded_file() is both safe mode and open_basedir aware. However, restrictions are placed only on the
destination
path as to allow the moving of uploaded files in whichfilename
may conflict with such restrictions. move_uploaded_file() ensures the safety of this operation by allowing only those files uploaded through PHP to be moved.
If the destination file already exists, it will be overwritten.