$_FILES is not empty but the file didn't upload

Question

i have a form to upload a file, the code to check if it arrives is here:

if (is_uploaded_file($_FILES['foto'] ['tmp_name'])){
   echo "file is valid and was uploaded";
   print_r($_FILES);
 }

and it says:

 file is valid and was uploadedArray ( [foto] => 
 Array ( [name] => Penguins.jpg     [type] => image/jpeg [tmp_name]   
 => /var/www/uploads/phpf8ECTX [error] => 0 [size] => 777835 ) ) 
 Array ( [foto] => Array ( [name] => Penguins.jpg [type] => image/jpeg [tmp_name] 
=> /var/www/uploads/phpf8ECTX [error] => 0 [size] => 777835 ) ) array(1) { 
["foto"]=> array(5) { ["name"]=> string(12) "Penguins.jpg" ["type"]=> string
(10) "image/jpeg" ["tmp_name"]=> string(26) "/var/www/uploads/phpf8ECTX" ["error"]
=> int(0) ["size"]=> int(777835) } } 

but the file didnt arrive, the php.ini is configured correct and the /var/www/uploads directory have permissions to write for all users,i'm running apache2 in linux, any idea about what is wrong? thank you

Answer 1

is_uploaded_file() only confirms if the file you are referencing is in fact an uploaded file versus a system file, like say /etc/passwd. You can read more about it here: http://php.net/manual/en/function.is-uploaded-file.php

Returns TRUE if the file named by filename was uploaded via HTTP POST. This is useful to help ensure that a malicious user hasn't tried to trick the script into working on files upon which it should not be working--for instance, /etc/passwd.

This sort of check is especially important if there is any chance that anything done with uploaded files could reveal their contents to the user, or even to other users on the same system.

After validating your file name and properties (based on your specific requirements), you must call move_uploaded_file() to move the file from it's temp location to it's permanent home.

http://www.php.net/manual/en/function.move-uploaded-file.php

A good example of the actual upload script from W3Schools:

<?php
$allowedExts = array("gif", "jpeg", "jpg", "png");
$temp = explode(".", $_FILES["file"]["name"]);
$extension = end($temp);
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "image/png"))
&& ($_FILES["file"]["size"] < 20000)
&& in_array($extension, $allowedExts))
  {
  if ($_FILES["file"]["error"] > 0)
    {
    echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
    }
  else
    {
    echo "Upload: " . $_FILES["file"]["name"] . "<br>";
    echo "Type: " . $_FILES["file"]["type"] . "<br>";
    echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
    echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";

    if (file_exists("upload/" . $_FILES["file"]["name"]))
      {
      echo $_FILES["file"]["name"] . " already exists. ";
      }
    else
      {
      move_uploaded_file($_FILES["file"]["tmp_name"],
      "upload/" . $_FILES["file"]["name"]);
      echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
      }
    }
  }
else
  {
  echo "Invalid file";
  }
?>

Answer 2

You have to move_uploaded_file to the uploads directory once it is done. My understanding is that PHP will upload to a temporary folder and delete it afterwards, if you don't explicitly persist the file to a different folder.

if (is_uploaded_file($_FILES['foto'] ['tmp_name'])){
    if (file_exists("upload/" . $_FILES["foto"]["name"]))
    {
        //Maybe you want to issue an error message if the file already exists, like this.
        echo $_FILES["foto"]["name"] . " already exists. ";
    }
    else
    {
        move_uploaded_file($_FILES["foto"]["tmp_name"],
            "upload/" . $_FILES["foto"]["name"]);
    }
}

And remember to set up a different temporary directory for your uploads.