Checking uploaded files

bool is_uploaded_file ( string filename)

The move_uploaded_file() function is basically the same as the rename() function with the difference that it only succeeds if the file was just uploaded by the PHP script - this adds extra security to your script, by stopping people trying to move secure data, such as password files, into a public directory.

If you want to perform this check yourself, use the is_uploaded_file() function - it takes a filename as its sole parameter, and returns true if the file was uploaded by the script and false if not. Here is a simple example:

if (is_uploaded_file($somefile)) {
copy($somefile, "/var/www/userfiles/$somefile");

If you just want to check whether a file was uploaded before you move it, move_uploaded_file() is better.


Next chapter: Locking files with flock() >>

Previous chapter: Advanced file upload handling

Jump to:


Home: Table of Contents

Follow us on or Twitter

Username:   Password:
Create Account | About TuxRadar