search
HomeBackend DevelopmentPHP TutorialAnalysis of PHP's move_uploaded_file() function

Analysis of PHP's move_uploaded_file() function

Jun 19, 2018 pm 04:25 PM
move_uploaded_filephp

This article mainly introduces the PHP move_uploaded_file() function, which actually moves the uploaded file to a new location. Friends who need it can refer to the

Definition and usage

move_uploaded_file() Function moves the uploaded file to a new location.

If successful, return true, otherwise return false.

Syntax

move_uploaded_file(file,newloc)

##ParametersDescriptionfileRequired. Specifies the files to be moved. newlocRequired. Specifies the new location of the file.

Description

This function checks and ensures that the file specified by file is a legal upload file (that is, uploaded through PHP's HTTP POST upload mechanism). If the file is legal, it is moved to the file specified by newloc.

If file is not a legal uploaded file, no operation will occur and move_uploaded_file() will return false.

If file is a legal uploaded file but cannot be moved for some reason, no action will occur and move_uploaded_file() will return false and a warning will be issued.

This kind of check is particularly important if the uploaded file may cause its content to be displayed to the user or other users of this system.

Tips and Notes

Note: This function is only used for files uploaded via HTTP POST.

Note: If the target file already exists, it will be overwritten.

Security Supplement

Introduction from w3c, let’s talk about the problems I encountered.

Generally speaking, we will write the save file like this:

$fileName = $_SERVER['DOCUMENT_ROOT'].'/Basic/uploads/'.$_FILES['file']['name']; 
move_uploaded_file($_FILES['file']['tmp_name'],$fileName )

First explain, the meaning of these two codes: save the file directly, At the same time, the file name is also the name of the file uploaded by the user
Okay, now the risk is here:

① Save the file directly.

This means that the file will not be identified in any way. If a user uploads a piece of background code and saves it as a jpg suffix or other, if the administrator accidentally maps it to php and then accesses the background, - - Result It is conceivable that if he deletes all databases in the background, the entire website will directly GG. In short, saving files directly is very risky.

②Use the same file name as the user file name.

The above code will report an error if the user uses a Chinese file name.

As soon as the file name is involved, encoding is involved. If the file name is an English number, it is fine. If it contains Chinese characters, it will be a big problem and it must be re-encoded.

I think reliable storage should be like this:

①The files uploaded by users must be identified.

File recognition, this part has many functions. I think it is good to use MIME type, which is also difficult to forge.

② Change the file name.

I think it’s best to change the file name to a time format like “201803264104421”, or you can also correspond the file name to the database.

Supplement:

There are two parameters. The first parameter is the temporary file name after you upload it, which is automatically generated by the system. Usually the style is:

$_FILE["file"]["tmp_name"];

where file is the name of your front-end file upload form.
The second parameter is the new file name containing the path. For example:

"upload/1.jpg";

In this way, the file you uploaded will be moved to the subdirectory named upload in the current directory, and the file name will be saved as :1.jpg.

move_uploaded_file() function example

Use the move_uploaded_file() function to upload files to the server.

<?php
  $tmp_filename = $_FILES[&#39;myupload&#39;][&#39;tmp_name&#39;];
  if(!move_uploaded_file($tmp_filename,"/path/to/dest/{$_FILES[&#39;myupload&#39;][&#39;name&#39;]}")) {
   echo "An error has occurred moving the uploaded file.<BR>";
   echo "Please ensure that if safe_mode is on that the " . "UID PHP is using matches the file.";
   exit;
  } else {
   echo "The file has been successfully uploaded!";
  }
?>

move_uploaded_file File upload failure cases and solutions

Today I am implementing a method to upload avatars when users register When creating a PHP script for an image file, a problem occurred: the PHP script code is as follows:

<?php 
define(&#39;ROOT&#39;,dirname(__FILE__).&#39;/&#39;); 
 if ($_FILES["file"]["error"] > 0) 
 { 
  echo "Return Code: " . $_FILES["file"]["error"] . "<br />"; 
 } 
 else 
 { 
  echo "Upload: " . $_FILES["file"]["name"] . "<br />"; 
  echo "Type: " . $_FILES["file"]["type"] . "<br />"; 
  echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />"; 
  echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />"; 
  if (file_exists("upload/" . $_FILES["file"]["name"])) 
  { 
   echo $_FILES["file"]["name"] . " already exists. "; 
  } 
  else 
  { 
   if(is_uploaded_file($_FILES[&#39;file&#39;][&#39;tmp_name&#39;])){ 
    $stored_path = ROOT.&#39;/upload/&#39;.basename($_FILES[&#39;file&#39;][&#39;name&#39;]); 
     
    if(move_uploaded_file($_FILES[&#39;file&#39;][&#39;tmp_name&#39;],$stored_path)){ 
     echo "Stored in: " . $stored_path; 
    }else{ 
     echo &#39;Stored failed:file save error&#39;; 
    } 
   }else{ 
    echo &#39;Stored failed:no post &#39;; 
   } 
   } 
 } 
?>

When I execute the above script, the script outputs "Stored failed: file save error", it was obviously an error. In the php_error_log file, I saw the error problem: insufficient permissions. I finally found the error: the destination directory where we store the images does not have permissions for the user executing PHP. The user who executes the PHP script is not the same user who wrote the script code and created the image folder, so I only need to change the file permissions to 777.

PHP Development Learning File Upload (move_uploaded_file)

Function: Move the uploaded temporary file to the upload directory. Upload has been created in the root directory! ! !

<form action="" enctype="multipart/form-data" method="post" 
  name="uploadfile">上传文件:<input type="file" name="upfile" /><br> 
 <input type="submit" value="上传" /></form> 
<?php 
//print_r($_FILES["upfile"]); 
if(is_uploaded_file($_FILES[&#39;upfile&#39;][&#39;tmp_name&#39;])){ 
 $upfile=$_FILES["upfile"]; 
//获取数组里面的值 
 $name=$upfile["name"];//上传文件的文件名 
 $type=$upfile["type"];//上传文件的类型 
 $size=$upfile["size"];//上传文件的大小 
 $tmp_name=$upfile["tmp_name"];//上传文件的临时存放路径 
//判断是否为图片 
 switch ($type){ 
  case &#39;image/pjpeg&#39;:$okType=true; 
   break; 
  case &#39;image/jpeg&#39;:$okType=true; 
   break; 
  case &#39;image/gif&#39;:$okType=true; 
   break; 
  case &#39;image/png&#39;:$okType=true; 
   break; 
 } 
 
 if($okType){ 
  /** 
   * 0:文件上传成功<br/> 
   * 1:超过了文件大小,在php.ini文件中设置<br/> 
   * 2:超过了文件的大小MAX_FILE_SIZE选项指定的值<br/> 
   * 3:文件只有部分被上传<br/> 
   * 4:没有文件被上传<br/> 
   * 5:上传文件大小为0 
   */ 
  $error=$upfile["error"];//上传后系统返回的值 
  echo "================<br/>"; 
  echo "上传文件名称是:".$name."<br/>"; 
  echo "上传文件类型是:".$type."<br/>"; 
  echo "上传文件大小是:".$size."<br/>"; 
  echo "上传后系统返回的值是:".$error."<br/>"; 
  echo "上传文件的临时存放路径是:".$tmp_name."<br/>"; 
 
  echo "开始移动上传文件<br/>"; 
//把上传的临时文件移动到upload目录下面(upload是在根目录下已经创建好的!!!) 
  move_uploaded_file($tmp_name,"upload/".$name); 
  $destination="upload/".$name; 
  echo "================<br/>"; 
  echo "上传信息:<br/>"; 
  if($error==0){ 
   echo "文件上传成功啦!"; 
   echo "<br>图片预览:<br>"; 
   echo "<img  src="/static/imghwm/default1.png"  data-src=".$destination."  class="lazy"   alt="Analysis of PHP's move_uploaded_file() function" >"; 
//echo " alt=\"图片预览:\r文件名:".$destination."\r上传时间:\">"; 
  }elseif ($error==1){ 
   echo "超过了文件大小,在php.ini文件中设置"; 
  }elseif ($error==2){ 
   echo "超过了文件的大小MAX_FILE_SIZE选项指定的值"; 
  }elseif ($error==3){ 
   echo "文件只有部分被上传"; 
  }elseif ($error==4){ 
   echo "没有文件被上传"; 
  }else{ 
   echo "上传文件大小为0"; 
  } 
 }else{ 
  echo "请上传jpg,gif,png等格式的图片!"; 
 } 
} 
?>

Execution results:

The above is the entire content of this article, I hope it will be useful for everyone’s learning For help, please pay attention to the PHP Chinese website for more related content!

Related recommendations:

Summary of methods for generating non-repeating random numbers in PHP

PHP Detailed explanation of page encoding declaration method (header or meta)

Summary of the three methods list(), each() and while of PHP looping through arrays

The above is the detailed content of Analysis of PHP's move_uploaded_file() function. For more information, please follow other related articles on the PHP Chinese website!

Statement
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
How do you modify data stored in a PHP session?How do you modify data stored in a PHP session?Apr 27, 2025 am 12:23 AM

TomodifydatainaPHPsession,startthesessionwithsession_start(),thenuse$_SESSIONtoset,modify,orremovevariables.1)Startthesession.2)Setormodifysessionvariablesusing$_SESSION.3)Removevariableswithunset().4)Clearallvariableswithsession_unset().5)Destroythe

Give an example of storing an array in a PHP session.Give an example of storing an array in a PHP session.Apr 27, 2025 am 12:20 AM

Arrays can be stored in PHP sessions. 1. Start the session and use session_start(). 2. Create an array and store it in $_SESSION. 3. Retrieve the array through $_SESSION. 4. Optimize session data to improve performance.

How does garbage collection work for PHP sessions?How does garbage collection work for PHP sessions?Apr 27, 2025 am 12:19 AM

PHP session garbage collection is triggered through a probability mechanism to clean up expired session data. 1) Set the trigger probability and session life cycle in the configuration file; 2) You can use cron tasks to optimize high-load applications; 3) You need to balance the garbage collection frequency and performance to avoid data loss.

How can you trace session activity in PHP?How can you trace session activity in PHP?Apr 27, 2025 am 12:10 AM

Tracking user session activities in PHP is implemented through session management. 1) Use session_start() to start the session. 2) Store and access data through the $_SESSION array. 3) Call session_destroy() to end the session. Session tracking is used for user behavior analysis, security monitoring, and performance optimization.

How can you use a database to store PHP session data?How can you use a database to store PHP session data?Apr 27, 2025 am 12:02 AM

Using databases to store PHP session data can improve performance and scalability. 1) Configure MySQL to store session data: Set up the session processor in php.ini or PHP code. 2) Implement custom session processor: define open, close, read, write and other functions to interact with the database. 3) Optimization and best practices: Use indexing, caching, data compression and distributed storage to improve performance.

Explain the concept of a PHP session in simple terms.Explain the concept of a PHP session in simple terms.Apr 26, 2025 am 12:09 AM

PHPsessionstrackuserdataacrossmultiplepagerequestsusingauniqueIDstoredinacookie.Here'showtomanagethemeffectively:1)Startasessionwithsession_start()andstoredatain$_SESSION.2)RegeneratethesessionIDafterloginwithsession_regenerate_id(true)topreventsessi

How do you loop through all the values stored in a PHP session?How do you loop through all the values stored in a PHP session?Apr 26, 2025 am 12:06 AM

In PHP, iterating through session data can be achieved through the following steps: 1. Start the session using session_start(). 2. Iterate through foreach loop through all key-value pairs in the $_SESSION array. 3. When processing complex data structures, use is_array() or is_object() functions and use print_r() to output detailed information. 4. When optimizing traversal, paging can be used to avoid processing large amounts of data at one time. This will help you manage and use PHP session data more efficiently in your actual project.

Explain how to use sessions for user authentication.Explain how to use sessions for user authentication.Apr 26, 2025 am 12:04 AM

The session realizes user authentication through the server-side state management mechanism. 1) Session creation and generation of unique IDs, 2) IDs are passed through cookies, 3) Server stores and accesses session data through IDs, 4) User authentication and status management are realized, improving application security and user experience.

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Tools

PhpStorm Mac version

PhpStorm Mac version

The latest (2018.2.1) professional PHP integrated development tool

mPDF

mPDF

mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),

MinGW - Minimalist GNU for Windows

MinGW - Minimalist GNU for Windows

This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.

MantisBT

MantisBT

Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.

EditPlus Chinese cracked version

EditPlus Chinese cracked version

Small size, syntax highlighting, does not support code prompt function