Community Learn Tools Library Leisure
search
English
Home > Backend Development > PHP Tutorial > body text

move_uploaded_file() function in PHP

不言
Release: 2023-03-30 14:08:01
Original
2444 people have browsed it

This article mainly introduces the PHP move_uploaded_file() function, which actually moves the uploaded file to a new location. Friends who need it can refer to the

Definition and usage

move_uploaded_file() Function moves the uploaded file to a new location.

If successful, return true, otherwise return false.

Syntax

move_uploaded_file(file,newloc)

##ParametersDescriptionfileRequired. Specifies the files to be moved. newlocRequired. Specifies the new location of the file.
Explanation

This function checks and ensures that the file specified by file is a legal upload file (that is, uploaded through PHP's HTTP POST upload mechanism) . If the file is legal, it is moved to the file specified by newloc.

If file is not a legal uploaded file, no operation will occur and move_uploaded_file() will return false.

If file is a legal uploaded file but cannot be moved for some reason, no action will occur and move_uploaded_file() will return false and a warning will be issued.

This kind of check is particularly important if the uploaded file may cause its content to be displayed to the user or other users of this system.

Tips and Notes

Note: This function is only used for files uploaded via HTTP POST.

Note: If the target file already exists, it will be overwritten.

Security Supplement

Introduction from w3c, let’s talk about the problems I encountered.

Generally speaking, we will write the save file like this: 

$fileName = $_SERVER['DOCUMENT_ROOT'].'/Basic/uploads/'.$_FILES['file']['name']; 
move_uploaded_file($_FILES['file']['tmp_name'],$fileName )
Copy after login

First explain, the meaning of these two codes: save the file directly, and the file name is also the file name uploaded by the user


Okay, now the risk is here:

①Save the file directly.

This means that the file will not be identified in any way. If a user uploads a piece of background code and saves it as a jpg suffix or other, if the administrator accidentally maps it to php and then accesses the background, - - Result It is conceivable that if he deletes all databases in the background, the entire website will directly GG. In short, saving files directly is very risky.

②Use the same file name as the user file name.

The above code will report an error if the user uses a Chinese file name.

As soon as the file name is involved, encoding is involved. If the file name is an English number, it is fine. If it contains Chinese characters, it will be a big problem and it must be re-encoded.

I think reliable storage should be like this:

①The files uploaded by users must be identified.

File recognition, this part has many functions. I think it is good to use MIME type, which is also difficult to forge.

② Change the file name.

I think it’s best to change the file name to a time format like “201803264104421”, or you can also correspond the file name to the database.

Supplement:

There are two parameters. The first parameter is the temporary file name after you upload it, which is automatically generated by the system. Usually the style is:

$_FILE["file"]["tmp_name"];

where file is the name of your front-end file upload form.

The second parameter is the new file name containing the path. For example:

"upload/1.jpg";

In this way, the file you uploaded will be moved to the subdirectory named upload in the current directory, and the file name will be saved as :1.jpg.

move_uploaded_file() function example

Use the move_uploaded_file() function to upload files to the server. 

<?php
  $tmp_filename = $_FILES[&#39;myupload&#39;][&#39;tmp_name&#39;];
  if(!move_uploaded_file($tmp_filename,"/path/to/dest/{$_FILES[&#39;myupload&#39;][&#39;name&#39;]}")) {
   echo "An error has occurred moving the uploaded file.<BR>";
   echo "Please ensure that if safe_mode is on that the " . "UID PHP is using matches the file.";
   exit;
  } else {
   echo "The file has been successfully uploaded!";
  }
?>
Copy after login

move_uploaded_file File upload failure case and solution

Today, when implementing a PHP script that uploads an avatar image file when a user registers, a problem occurred: php The script code is as follows: 

<?php 
define(&#39;ROOT&#39;,dirname(__FILE__).&#39;/&#39;); 
 if ($_FILES["file"]["error"] > 0) 
 { 
  echo "Return Code: " . $_FILES["file"]["error"] . "<br />"; 
 } 
 else 
 { 
  echo "Upload: " . $_FILES["file"]["name"] . "<br />"; 
  echo "Type: " . $_FILES["file"]["type"] . "<br />"; 
  echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />"; 
  echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />"; 
  if (file_exists("upload/" . $_FILES["file"]["name"])) 
  { 
   echo $_FILES["file"]["name"] . " already exists. "; 
  } 
  else 
  { 
   if(is_uploaded_file($_FILES[&#39;file&#39;][&#39;tmp_name&#39;])){ 
    $stored_path = ROOT.&#39;/upload/&#39;.basename($_FILES[&#39;file&#39;][&#39;name&#39;]); 
     
    if(move_uploaded_file($_FILES[&#39;file&#39;][&#39;tmp_name&#39;],$stored_path)){ 
     echo "Stored in: " . $stored_path; 
    }else{ 
     echo &#39;Stored failed:file save error&#39;; 
    } 
   }else{ 
    echo &#39;Stored failed:no post &#39;; 
   } 
   } 
 } 
?>
Copy after login

When I execute the above script, the script outputs "Stored failed: file save error", which is obviously an error. In the php_error_log file, I saw the error problem: insufficient permissions, I finally found what went wrong: the destination directory where we store the pictures does not have permissions for the user who executes the PHP script. The user who executes the PHP script is not the same user who wrote the script code and created the picture folder, so only You need to change the file permissions to 777.

PHP Development Learning File Upload (move_uploaded_file)

Function: Move the uploaded temporary file to the upload directory. Upload has been created in the root directory! ! ! 

<form action="" enctype="multipart/form-data" method="post" 
  name="uploadfile">上传文件:<input type="file" name="upfile" /><br> 
 <input type="submit" value="上传" /></form> 
<?php 
//print_r($_FILES["upfile"]); 
if(is_uploaded_file($_FILES[&#39;upfile&#39;][&#39;tmp_name&#39;])){ 
 $upfile=$_FILES["upfile"]; 
//获取数组里面的值 
 $name=$upfile["name"];//上传文件的文件名 
 $type=$upfile["type"];//上传文件的类型 
 $size=$upfile["size"];//上传文件的大小 
 $tmp_name=$upfile["tmp_name"];//上传文件的临时存放路径 
//判断是否为图片 
 switch ($type){ 
  case &#39;image/pjpeg&#39;:$okType=true; 
   break; 
  case &#39;image/jpeg&#39;:$okType=true; 
   break; 
  case &#39;image/gif&#39;:$okType=true; 
   break; 
  case &#39;image/png&#39;:$okType=true; 
   break; 
 } 
 
 if($okType){ 
  /** 
   * 0:文件上传成功<br/> 
   * 1:超过了文件大小,在php.ini文件中设置<br/> 
   * 2:超过了文件的大小MAX_FILE_SIZE选项指定的值<br/> 
   * 3:文件只有部分被上传<br/> 
   * 4:没有文件被上传<br/> 
   * 5:上传文件大小为0 
   */ 
  $error=$upfile["error"];//上传后系统返回的值 
  echo "================<br/>"; 
  echo "上传文件名称是:".$name."<br/>"; 
  echo "上传文件类型是:".$type."<br/>"; 
  echo "上传文件大小是:".$size."<br/>"; 
  echo "上传后系统返回的值是:".$error."<br/>"; 
  echo "上传文件的临时存放路径是:".$tmp_name."<br/>"; 
 
  echo "开始移动上传文件<br/>"; 
//把上传的临时文件移动到upload目录下面(upload是在根目录下已经创建好的!!!) 
  move_uploaded_file($tmp_name,"upload/".$name); 
  $destination="upload/".$name; 
  echo "================<br/>"; 
  echo "上传信息:<br/>"; 
  if($error==0){ 
   echo "文件上传成功啦!"; 
   echo "<br>图片预览:<br>"; 
   echo "<img src=".$destination.">"; 
//echo " alt=\"图片预览:\r文件名:".$destination."\r上传时间:\">"; 
  }elseif ($error==1){ 
   echo "超过了文件大小,在php.ini文件中设置"; 
  }elseif ($error==2){ 
   echo "超过了文件的大小MAX_FILE_SIZE选项指定的值"; 
  }elseif ($error==3){ 
   echo "文件只有部分被上传"; 
  }elseif ($error==4){ 
   echo "没有文件被上传"; 
  }else{ 
   echo "上传文件大小为0"; 
  } 
 }else{ 
  echo "请上传jpg,gif,png等格式的图片!"; 
 } 
} 
?>
Copy after login

Execution results:

The above is the entire content of this article. I hope it will be helpful to everyone’s study. For more related content, please pay attention to the PHP Chinese website !

Related recommendations:

The difference between the constructor _construct() and _initialize() of the class in ThinkPHP

How to use distinct in Thinkphp

The above is the detailed content of move_uploaded_file() function in PHP. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
move_uploaded_file php
source:php.cn
Previous article:ajax form submission operation in thinkPHP5 Next article:Statistics ranking and paging display functions in thinkPHP
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
PHP arrays obtained from URL parameters do not behave as expected I have a URL parameter that contains the category ID and I want to treat it as an array li...
From 2024-04-06 22:09:02
0
1
1428
Where should I place CustomLog directive in apache I'm using php:7.2-apachedocker. I need to disable health check url login access log. Based...
From 2024-04-06 22:03:59
0
1
990
What is the format of the variables in the return value? I am a new learner of php. I found a piece of code: if($x<time()){return[false,'error']...
From 2024-04-06 21:55:20
0
1
778
Problems encountered when using opentbs to generate odt files: values ​​of the same key are displayed in the same row instead of separate columns. I'm using a library called OpenTbs to create odt using PHP, I'm using it because columns a...
From 2024-04-06 20:18:18
0
1
483
Group MySQL results by ID for looping over I have a table with flight data in mysql. I'm writing a php code that will group and displ...
From 2024-04-06 17:27:56
0
1
406
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template