The PHP Function Is_Uploaded_File

PHP file functions offer flexibility, security, and convenience for handling files and directories in web applications. They support tasks like reading, writing, moving and renaming files, as well as working with file attributes, permissions, and metadata.

The is_uploaded_file() function checks whether the given file name has been uploaded to the server. It returns a boolean value: true if the file has been uploaded, false otherwise.

You can use the is_uploaded_file() function as part of a test script to verify that any uploads have been successfully processed. This is an excellent way to test for things such as password files or anything else that could potentially be made public via a form submission.

Another good use of is_uploaded_file is to be used in conjunction with the copy() function to make sure that any file that is renamed or moved by the copy function has been uploaded to the server first. This can prevent malicious users from trying to move sensitive files on your server, such as passwords, into directories that could become publicly accessible on the internet!

As always, be sure to sanitize and validate any file names or paths that are accepted from user input, using functions such as realpath() or basename(). You should also be aware that some file operations may be platform-dependent and vary across environments, such as directory traversal or file permissions. Be sure to design your code to handle these differences, so that it is robust and works consistently across different platforms.

Andreas Behr - CTO of DesertCoderz
You are a developer and looking for Shopware projects?
Apply Now!

is_uploaded_file example

// A correct form post will pass this test.     if ( $test_form && ( ! isset( $_POST['action'] ) || $_POST['action'] !== $action ) ) {
        return call_user_func_array( $upload_error_handler, array( &$file__( 'Invalid form submission.' ) ) );
    }

    // A successful upload will pass this test. It makes no sense to override this one.     if ( isset( $file['error'] ) && $file['error'] > 0 ) {
        return call_user_func_array( $upload_error_handler, array( &$file$upload_error_strings[ $file['error'] ] ) );
    }

    // A properly uploaded file will pass this test. There should be no reason to override this one.     $test_uploaded_file = 'wp_handle_upload' === $action ? is_uploaded_file( $file['tmp_name'] ) : @is_readable( $file['tmp_name'] );
    if ( ! $test_uploaded_file ) {
        return call_user_func_array( $upload_error_handler, array( &$file__( 'Specified file failed upload test.' ) ) );
    }

    $test_file_size = 'wp_handle_upload' === $action ? $file['size'] : filesize( $file['tmp_name'] );
    // A non-empty file will pass this test.     if ( $test_size && ! ( $test_file_size > 0 ) ) {
        if ( is_multisite() ) {
            $error_msg = __( 'File is empty. Please upload something more substantial.' );
        } else {
            $error_msg = sprintf(
                

        return $this->error;
    }

    /** * Returns whether the file has been uploaded with HTTP and no error occurred. */
    public function isValid(): bool
    {
        $isOk = \UPLOAD_ERR_OK === $this->error;

        return $this->test ? $isOk : $isOk && is_uploaded_file($this->getPathname());
    }

    /** * Moves the file to a new location. * * @throws FileException if, for any reason, the file could not have been moved */
    public function move(string $directory, string $name = null): File
    {
        if ($this->isValid()) {
            if ($this->test) {
                
                // Therefore the path is updated here SW-2889                 $this->path = str_replace($projectDir, '', $this->getUploadDir() . $this->getFileName());

                /* * SW-3805 - Hotfix for windows paths */
                $this->path = str_replace('\\', '/', $this->path);
            }
            $tempPath = $projectDir . 'media' . DIRECTORY_SEPARATOR . 'temp' . DIRECTORY_SEPARATOR . $this->file->getFilename();

            $mediaService->write($this->path, file_get_contents($this->file->getRealPath()));
            if (file_exists($tempPath) || is_uploaded_file($this->file->getPathname())) {
                unlink($this->file->getPathname());
            }
        }

        return true;
    }

    /** * Creates the default thumbnails 70x70 and 153x153 to display the images * in the media manager listing. */
    

        return $this->error;
    }

    /** * Returns whether the file has been uploaded with HTTP and no error occurred. */
    public function isValid(): bool
    {
        $isOk = \UPLOAD_ERR_OK === $this->error;

        return $this->test ? $isOk : $isOk && is_uploaded_file($this->getPathname());
    }

    /** * Moves the file to a new location. * * @throws FileException if, for any reason, the file could not have been moved */
    public function move(string $directory, string $name = null): File
    {
        if ($this->isValid()) {
            if ($this->test) {
                
$this->Front()->Plugins()->Json()->setRenderer(false);

        if ($_FILES['file']['error'] !== UPLOAD_ERR_OK) {
            echo json_encode([
                'success' => false,
                'message' => 'Could not upload file',
            ]);

            return;
        }

        if (!is_uploaded_file($_FILES['file']['tmp_name'])) {
            echo json_encode([
                'success' => false,
                'message' => 'Unsecure file detected',
            ]);

            return;
        }

        $fileName = basename($_FILES['file']['name']);
        $extension = pathinfo($fileName, PATHINFO_EXTENSION);

        
public function getClientExtension(): string
    {
        return pathinfo($this->originalName, PATHINFO_EXTENSION) ?? '';
    }

    /** * Returns whether the file was uploaded successfully, based on whether * it was uploaded via HTTP and has no errors. */
    public function isValid(): bool
    {
        return is_uploaded_file($this->path) && $this->error === UPLOAD_ERR_OK;
    }

    /** * Save the uploaded file to a new location. * * By default, upload files are saved in writable/uploads directory. The YYYYMMDD folder * and random file name will be created. * * @param string $folderName the folder name to writable/uploads directory. * @param string $fileName the name to rename the file to. * * @return string file full path */
private $psrUploadedFile;
    private $test = false;

    public function __construct(UploadedFileInterface $psrUploadedFile, callable $getTemporaryPath)
    {
        $error = $psrUploadedFile->getError();
        $path = '';

        if (\UPLOAD_ERR_NO_FILE !== $error) {
            $path = $psrUploadedFile->getStream()->getMetadata('uri') ?? '';

            if ($this->test = !\is_string($path) || !is_uploaded_file($path)) {
                $path = $getTemporaryPath();
                $psrUploadedFile->moveTo($path);
            }
        }

        parent::__construct(
            $path,
            (string) $psrUploadedFile->getClientFilename(),
            $psrUploadedFile->getClientMediaType(),
            $psrUploadedFile->getError(),
            $this->test
        );
public function __construct(
        private readonly UploadedFileInterface $psrUploadedFile,
        callable $getTemporaryPath,
    ) {
        $error = $psrUploadedFile->getError();
        $path = '';

        if (\UPLOAD_ERR_NO_FILE !== $error) {
            $path = $psrUploadedFile->getStream()->getMetadata('uri') ?? '';

            if ($this->test = !\is_string($path) || !is_uploaded_file($path)) {
                $path = $getTemporaryPath();
                $psrUploadedFile->moveTo($path);
            }
        }

        parent::__construct(
            $path,
            (string) $psrUploadedFile->getClientFilename(),
            $psrUploadedFile->getClientMediaType(),
            $psrUploadedFile->getError(),
            $this->test
        );
Home | Imprint | This part of the site doesn't use cookies.