This function checks to ensure that the file designated by filename is a valid upload file (meaning that it was uploaded via PHP's HTTP POST upload mechanism). If the file is valid, it will be moved to the filename given by destination.
If filename is not a valid upload file, then no action will occur, and move_uploaded_file() will return FALSE.
If filename is a valid upload file, but cannot be moved for some reason, no action will occur, and move_uploaded_file() will return FALSE. Additionally, a warning will be issued.
This sort of check is especially important if there is any chance that anything done with uploaded files could reveal their contents to the user, or even to other users on the same system.
Note: When safe mode is enabled, PHP checks whether the files or directories you are about to operate on have the same UID (owner) as the script that is being executed.
Note: move_uploaded_file() is not affected by the normal safe mode UID-restrictions. This is not unsafe because move_uploaded_file() only operates on files uploaded via PHP.
Warning |
If the destination file already exists, it will be overwritten. |
See also is_uploaded_file(), and the section Handling file uploads for a simple usage example.