x-yuri
Reputation: 18873
safe unique filename with no race condition
Is this a safe way to move uploaded file with respect to race conditions?
do {
$file = $path . "/" . uniqid() . '.' . $ext;
$fh = @fopen($file, 'x');
} while( ! $fh);
move_uploaded_file($src, $file);
UPD Besides learning other ways of solving the problem I would like to know if this code is subject to race conditions. AFAIU, fopen with 'x' mode and move_uploaded_file are atomic, so no collision could be possible.
On top of that and with regards to "uniqid will suffice", several people in comments to tempnam stated necessity of using fopen with 'x' mode to avoid race conditions. Do they overly paranoid? I think, having safer solution is better, if it doesn't make code significantly complex.
Upvotes: 1
Views: 736
Answers (1)
Related Questions
- How to increment filename in php to prevent duplicates
- Unique and temporary file names in PHP?
- PHP Unique Identifier for a File
- Duplicate filename protection by incrementation
- php Unique filename when uploading
- Generating unique filenames with tempnam
- Generating unique filename
- How can I ensure unique file names for images uploaded to server?
- Generating a time-based unique file name for uploads without creating a race condition
- Correct way to make sure all files have unique names?