move_uploaded_file
(PHP 4 >= 4.0.3, PHP 5, PHP 7, PHP 8)
move_uploaded_file — Moves an uploaded file to a new location
Description
This sort of check is especially important if there is any chance
that anything done with uploaded files could reveal their
contents to the user, or even to other users on the same
system.
Parameters
from
-
The filename of the uploaded file.
to
-
The destination of the moved file.
Return Values
Returns true
on success.
If from
is not a valid upload file,
then no action will occur, and
move_uploaded_file() will return
false
.
If from
is a valid upload file, but
cannot be moved for some reason, no action will occur, and
move_uploaded_file() will return
false
. Additionally, a warning will be issued.
Examples
Example #1 Uploading multiple files
<?php
$uploads_dir = '/uploads';
foreach ($_FILES["pictures"]["error"] as $key => $error) {
if ($error == UPLOAD_ERR_OK) {
$tmp_name = $_FILES["pictures"]["tmp_name"][$key];
// basename() may prevent filesystem traversal attacks;
// further validation/sanitation of the filename may be appropriate
$name = basename($_FILES["pictures"]["name"][$key]);
move_uploaded_file($tmp_name, "$uploads_dir/$name");
}
}
?>
Notes
Note:
move_uploaded_file() is
open_basedir
aware. However, restrictions are placed only on the
to
path as to allow the moving
of uploaded files in which from
may conflict
with such restrictions. move_uploaded_file() ensures
the safety of this operation by allowing only those files uploaded
through PHP to be moved.
Warning
If the destination file already exists, it will be overwritten.