|
|
 |
move_uploaded_file (PHP 4 >= 4.0.3, PHP 5) move_uploaded_file -- Verplaatst een geuploade bestand naar een nieuwe lokatie Beschrijvingbool move_uploaded_file ( string filename, string destination)
Deze functie controleert of het bestand filename
wel een geldige geuploade bestand is (wat inhoudt dat het bestand
is geupload met PHP's HTTP POST upload mechanisme). Als het bestand
geldig is, dan wordt het verplaatst naar het bestand aangegeven met
destination.
Als filename geen geldig geuploade bestand is,
zal er geen actie ondernomen worden en geeft move_uploaded_file()
FALSE terug.
Als filename wel een geldig geuploade bestand is,
maar dat hij door welke rede dan ook niet verplaatst kan worden,
wordt er geen actie ondernomen en zal move_uploaded_file()
FALSE terug geven. Daarbij zal er een waarschuwing worden gegeven.
Deze controles zijn zeker van belang als er enige kans is dat
er iets wordt gedaan met het geuploade bestand dat zijn inhoud
prijs kan geven aan de gebruiker, of zelfs aan andere gebruikers
op het zelfde systeem.
Opmerking: Als safe-mode aan staat, zal PHP kijken of de
bestanden of directories waarmee je wilt werken dezelfde UID heeft als het
script dat wordt uitgevoerd.
Opmerking:
move_uploaded_file() heeft geen last van normale
safe mode UID-beperkingen. Dit is niet onveilig, omdat move_uploaded_file()
alleen werkt op bestanden die zijn geupload met PHP.
| Waarschuwing |
Als destination al bestaat, wordt hij overschreven.
|
Zie ook is_uploaded_file(), en de sectie
Bestanden uploaden afhandelen
voor een simpel voorbeeld.
 add a note
User Contributed Notes
move_uploaded_file
allan666 at NOSPAM dot gmail dot com
17-Dec-2004 07:35
On the Fedora Core 3 Linux distribution, you may get a "failed to open stream: Permission denied in ..." message. I fact changing the permission of the directory will not work (even if you set to 0777). It is because of the new SELinux kernel that allow apache user to write only in /tmp dir (I think). In order to solve the problem you must to disable the SELinux (at least for apache service) to allow the server to write in other directories. To do that, run the system-config-securitylevel app and disable the SE to apache service. Reboot your system and continue your work. Hope it helps!
aj at nospam dot com
08-Dec-2004 11:48
In response to Jesus,
I ran into a similar problem, but got around it by using the chmod() function on the file after moving it.
jesus at trevia dot es
25-Nov-2004 10:15
Do you know if there is any permission issues using move_uploaded_file()?
In a project I am developing I've realized that using move_upload_file() set the permissions on the Web server to 700, and so web users couldn't see the images the web administrator uploaded.
I used copy() instead and it set the permissions to 744
Is this the supposed behaviour? any idea?
Thanks
php at f00n dot com
04-Jul-2004 10:17
If you are building an intranet framework and use NAT/Routing heed the following advice.
If you want to move uploaded files to an FTP server you cannot use the ftp wrapper (ie. 'ftp://user:pass@ftpserver/') as part of your move_uploaded_file() action. This is due to the wrapper only using passive mode with ftp.
The only workaround is using the ftp functions (may not be compiled by default with *nix but is by default with windows).
froid_nordik at sympatico dot ca
04-Jun-2004 06:26
Make sure the directory you are moving the file to exists before using this command.
sauron at nospam on morannon dot org
08-Mar-2004 02:20
An extension only does not really tell you what type of file it really is. I can easily rename a .jpg file to a .zip file and make the server think it is a ZIP file with webmaster kobrasrealm's code.
A better way is to use the Linux utility "file" to determine the file type. Although I'm aware that some users might use Windows on their webservers, I thought it's worth mentioning the utility here. Using the backtick operators and preg_matches on the output, you can easily determine the file type safely, and fix the extension when necessary.
mail at johan dot it
28-Feb-2004 11:14
Warning: If you save a md5_file hash in a database to keep record of uploaded files, which is usefull to prevent users from uploading the same file twice, be aware that after using move_uploaded_file the md5_file hash changes! And you are unable to find the corresponding hash and delete it in the database, when a file is deleted.
mina86 at tlen dot pl
08-Dec-2003 12:03
Hey! Why not using strrchr() to get file extension:
<?php $ext = strrchr($_FILES['file']['name'], '.'); ?>
or to get it without '.' at the begining:
<?php $ext = substr(strrchr($_FILES['file']['name'], '.'), 1); ?>
If you want to update file without any strang characters you can use:
<?php
move_uploaded_file(
$_FILES["file"]["tmp_name"],
$dir . preg_replace('/[^a-z0-9_\-\.]/i', '_', $_FILES["file"]["name"])
);
?>
wolke74 at web dot de
18-Nov-2003 06:02
French and English filenames --- as it is not forbidden -- often have an apostrophy, for instance "That's advertisement paper.doc" or "Les aventures d'Alice dans le pays du miracle.doc". However, uploading such files can run into trouble.
So you can write, if the posted file had been marked by myfile .
if(!move_uploaded_file($_FILES["myfile"]["tmp_name"],
rawurlencode($mydir.$_FILES["myfile"]["name"]))
{
echo "Something is wrong with the file";
exit;
}
09-Nov-2003 04:54
The example to find file extension bellow is quite confusing and its using to much code for a much simpler solution. Which is in example:
$file_parts = pathinfo('dir/' . $_FILES['file']['name']);
$file_extension = strtolower($file_parts['extension']);
The 'dir/' part is only to get a valid path.
www at w8c dot com
09-Oct-2003 09:03
function upload($filedir,$source,$source_name,$up_flag,$lastname)
{
if (!file_exists($filedir))
{
mkdir($filedir,0777);
}
@chmod($filedir,0777);
if (!$lastname)
{
$lastname=$source_name;
}
if (file_exists("$filedir/$lastname"))
{
if ($up_flag=="y")
{
@unlink($filedir/$lastname);
@move_uploaded_file($source,"$filedir/$lastname");
echo "$source_name OK<br>";
}
else
echo "$source_name ...<br>";
}
else
{
@move_uploaded_file($source,"$filedir/$lastname");
echo "$source_name OK<br>";
}
}
allen at brooker dot gb dot net
12-Feb-2003 11:48
The first comment totally threw me off. Under the 'new regime', the 'string filename' is $_FILES['userfile']['tmp_name']
Also note that the 'string destination' should be the full path and filename. As long as your server isnt using virtual hosting, you should be able to use $_SERVER['DOCUMENT_ROOT'] . "path/within/website". This'll save hours of hassle trying to get sometimes ignorant ISPs to give you your full and 'no symlinks' path.
Allen
| |
mkdir