bool is_uploaded_file ( string filename)
The move_uploaded_file() function is basically the same as the rename() function with the difference that it only succeeds if the file was just uploaded by the PHP script - this adds extra security to your script, by stopping people trying to move secure data, such as password files, into a public directory.
If you want to perform this check yourself, use the is_uploaded_file() function - it takes a filename as its sole parameter, and returns true if the file was uploaded by the script and false if not. Here is a simple example:
if (is_uploaded_file($somefile)) {
copy($somefile, "/var/www/userfiles/$somefile");
}
If you just want to check whether a file was uploaded before you move it, move_uploaded_file() is better.
Want to learn PHP 7?
Hacking with PHP has been fully updated for PHP 7, and is now available as a downloadable PDF. Get over 1200 pages of hands-on PHP learning today!
If this was helpful, please take a moment to tell others about Hacking with PHP by tweeting about it!
Next chapter: Locking files with flock() >>
Previous chapter: Advanced file upload handling
Jump to:
Home: Table of Contents
Copyright ©2015 Paul Hudson. Follow me: @twostraws.