On Thu, 2010-04-01 at 10:51 +0100, Matthew Croud wrote:

> Hi Guys,
> Can someone confirm for me that the code below will move an uploaded  
> file and give it the same name as the original image file name ?
> $file_dir = "/home/uploads";
> foreach($_FILES as $file_name => $file_array) {
>       echo "path: ".$file_array["tmp_name"]."<br/>\n";
>       echo "name: ".$file_array["name"]."<br/>\n";
>       echo "type: ".$file_array["type"]."<br/>\n";
>       echo "size: ".$file_array["size"]."<br/>\n";
>       $UploadName[$num] = $file_array["name"];
>      $num++;
>       if (is_uploaded_file($file_array["tmp_name"])) {
>               move_uploaded_file($file_array["tmp_name"], "$file_dir/". 
> $file_array["name"]) or die ("Couldn't copy");
>               echo "file was moved!<br/>";
>       }
> }
> Many thanks,

Yes, the original filename comes from the ["name"] array element.
However, if someone is uploading a filename with the same name as one
that already exists, you will be overwriting it.

For peace of mind, I've always found it best to save the file using the
tmp_name given to it by PHP, and store this against the original
filename in a database. You can then use PHP to deliver the file back to
the user when it's needed as either a download or something displayed in
the browser. This works nicely with storing files outside of the web
root, which will prevent people from maliciously uploading files to
attempt to break your server and/or app.


Reply via email to