So I'm making this file upload system in PHP. The $target_path is the absolute path and the permissions of the folder it will be uploaded into is set to 777. The tmp_name also returns something valid and the $_FILES['file_uploaded'] is an array.
However, when I run the following line of code. It returns false.
move_uploaded_file($_FILES['file_uploaded']['tmp_name'], $target_path)
Am I missing something here?
Update [Form HTML code]
<form action="photos.php" enctype="multipart/form-data" method="POST">
<input type ="hidden" name="MAX_FILE_SIZE" value="<?php echo $max_file_size; ?>" />
<input type ="hidden" name ="upload" value="upload" />
<input type="file" name="file_upload" />
<input type="text" name="tags" value="" />
<input type="radio" name="size" value="_small" checked> Small<br>
<input type="radio" name="size" value="_medium"> Medium<br>
<input type="radio" name="size" value="_large"> Large<br>
<select name="imagelib_id">
<option value="1">General</option>
</select>
<input type="submit" name="submit" value="Upload" />
Solution I missed a filename for the uploaded file. The following line fixed my problem:
move_uploaded_file($_FILES['file_uploaded']['tmp_name'], $target_path . $_FILES['file_uploaded']['name']);
As it says in the PHP manual entry, the second parameter of the needs to be a filename, not a directory. You can follow the sample code and use the "name" value of the array:
// FIXME: verify filename - see below
$destination = $target_path . $_FILES['file_uploaded']['name'];
move_uploaded_file($_FILES['file_uploaded']['tmp_name'], $destination);
I strongly recommend to follow the tips in this comment on the PHP manual and verify both the filename for dangerous characters and correct file extension:
// snippet taken from the comment by Yousef Ismaeil Cliprz
function check_file_uploaded_name ($filename) {
(bool) ((preg_match("`^[-0-9A-Z_\.]+$`i",$filename)) ? true : false);
}