0

i have a general question about php, i can't understand what does $ _FILES ["upload"] ["tmp_name"], why should i upload a file into a tmp folder, and not direclty into a permanent folder? Thanks for read, have a nice day!

Improve this question
5
  • Because you'd overwrite any file with the same name that already existed in the permanent folder, not necessarily what you want especially if 2 different users upload files with the same name; because you might want to validate what the file really is, and doesn't contain viruses or malware, before moving it to its permanent folder..... there's two good reasons for a start Commented Sep 12, 2017 at 8:37
  • Because that is simply how it works. Because it would potentially be dangerous. Because PHP has no way of even knowing where you would want to store this particular file to, because all of that happens already before your script that processes this upload is even started. Commented Sep 12, 2017 at 8:38
  • @Mark Baker so for example, if i want make sure that for example an image uploaded is png, i have to upload id into a tml folder and then when i sure that it is a png, i have to upload it into the permanent folder? Commented Sep 12, 2017 at 8:40
  • 1
    No you don't upload it twice.... it's uploaded once to a temp folder, and then you either move it to the permanent folder after you've verified it (using move_uploaded_file()) or it gets automatically deleted Commented Sep 12, 2017 at 8:45
  • Read about the PHP way to handle file uploads. In a nutshell, the PHP interpreter puts the uploaded files in the temporary directory using generated names and stores their paths in $_FILES['...']['tmp_name'] before running your PHP script. Commented Sep 12, 2017 at 9:03

1 Answer 1

Reset to default
3

The PHP interpreter puts an uploaded file in the temporary directory using a generated name and stores the path in $_FILES['...']['tmp_name'] before running your PHP script.

You can use is_uploaded_file() to make sure the content of $_FILES['...']['tmp_name'] is indeed the path of an uploaded file (and it was not spoofed somehow in the request) then use move_uploaded_file() to put the file on its final destinations.

Or you can also process the content of the file without moving it, in case you don't need to store the file.

Either way, when your script ends the interpreter removes the temporary files it created to store the uploaded content.

The code usually looks like:

if (is_uploaded_file($_FILES['abc']['tmp_name'])) {
    // Generate the path where to store the file
    // Depending on the expected file type you can use getimagesize() 
    // or mime_content_type() to find the correct file extension
    // and various ways to generate an unique file name (to not overwrite
    // the file already existing in the storage directory)
    $finalpath = '...';

    if (move_uploaded_file($_FILES['abc']['tmp_name'], $finalpath)) {
        // Successfully uploaded and processed.
    } else {
        // Cannot move the file; maybe there is a permissions issue
        // or the destination directory simply doesn't exist.
    }
} else {
    // The upload failed.
    // Check the value of $_FILES['abc']['error'] to find out why
    // (usually no file was uploaded or the file is too large).
}

Read about the PHP way to handle file uploads.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

It doesn't look a low quality question to me; its formatting can be improved but the question itself is clear and it tells the OP didn't understand (or misunderstand) a basic concept. Of course, it also shows the lack of any research efforts, but that's the downvotes are for. My answer provides links for the OP to do the needed research and improve their knowledge.
No need to use is_uploaded_file() with move_uploade_file() as it performs the same check before move operation. is_uploaded_file() is useful if you need to perform some other action.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.