The is_uploaded_file Function
The is_uploaded_file function checks whether the specified file
was uploaded via a POST request. This is an important security check
when working with uploaded files. The function takes one parameter -
the path to the file to check, and returns true if the file
was uploaded via POST, and false otherwise.
Syntax
is_uploaded_file(string $filename): bool
Example
Check if a file was uploaded via a form:
<?php
if (is_uploaded_file($_FILES['userfile']['tmp_name'])) {
echo 'File was uploaded via HTTP POST';
} else {
echo 'File was NOT uploaded via HTTP POST';
}
?>
Example
Using the function in combination with move_uploaded_file:
<?php
$temp_file = $_FILES['userfile']['tmp_name'];
$target_file = 'uploads/' . $_FILES['userfile']['name'];
if (is_uploaded_file($temp_file)) {
move_uploaded_file($temp_file, $target_file);
echo 'file uploaded successfully';
} else {
echo 'possible file upload attack';
}
?>
See Also
-
the
move_uploaded_filefunction,
which safely moves an uploaded file -
the
file_existsfunction,
which checks for the existence of a file (but not only uploaded ones) -
the
tmpfilefunction,
which creates a temporary file -
the
is_filefunction,
which checks a file
