Checking uploaded files

bool is_uploaded_file ( string filename)

The move_uploaded_file() function is basically the same as the rename() function with the difference that it only succeeds if the file was just uploaded by the PHP script - this adds extra security to your script, by stopping people trying to move secure data, such as password files, into a public directory.

If you want to perform this check yourself, use the is_uploaded_file() function - it takes a filename as its sole parameter, and returns true if the file was uploaded by the script and false if not. Here is a simple example:

if (is_uploaded_file($somefile)) {
    copy($somefile, "/var/www/userfiles/$somefile");

If you just want to check whether a file was uploaded before you move it, move_uploaded_file() is better.


Want to learn PHP 7?

Hacking with PHP has been fully updated for PHP 7, and is now available as a downloadable PDF. Get over 1200 pages of hands-on PHP learning today!

If this was helpful, please take a moment to tell others about Hacking with PHP by tweeting about it!

Next chapter: Locking files with flock() >>

Previous chapter: Advanced file upload handling

Jump to:


Home: Table of Contents

Copyright ©2015 Paul Hudson. Follow me: @twostraws.