0

Got this bit of code:

if ($_FILES["file1"]["error"] == 0) {
        move_uploaded_file($_FILES["file1"]["tmp_name"], "path/".$_FILES["file1"]["name"]);
    }

I would like to reuse it for more files being uploaded. Was thinking function with some params but it seems i can't get the vars correctly.

Ok fixed it like this:

function upload($file) {

        $allowedExts = array("pdf, jpg, gif, png");
        $extension = end(explode(".", $_FILES[$file]["name"]));

        if (in_array($extension, $allowedExts)) && ($_FILES[$file]["error"] == 0) {
            move_uploaded_file($_FILES[$file]["tmp_name"], "img/new/".$_FILES[$file]["name"]);
        }
    }

And calling via:

upload("file1");

Not sure about the $_FILES loop...

Improve this question
3
  • 1
    Can we see the function you tried? Commented Jun 25, 2013 at 22:34
  • 2
    This is not something you should be reusing. You're giving the user free reign over your entire file system. Don't use this insecure code! Commented Jun 25, 2013 at 22:34
  • If I upload a file named hax.php, then I can access it and take over your site. Commented Jun 25, 2013 at 22:49

3 Answers 3

Reset to default
1

You can loop through the $_FILES array and execute your code for each file, like this:

foreach($_FILES as $file)
{
    if ($file["error"] == 0) {
        move_uploaded_file($file["tmp_name"], "path/".$file["name"]);
    }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Ha, got it! Quite elegant solution. Altho, are there any security implications? As i understand this would attempt to upload all files presented in the $_FILES array.
Ehh, well security implications are another story. I'm answering the initial question (how to process all of the files in the array). You should be including checks and validations to ensure that the user can only do what you want them to do.
0

You could do this

function upload_file($file, $upload_path)
{

    if($file["error"] == 0){

        $moved = move_uploaded_file($file["tmp_name"], $upload_path.$file["name"]);

        if($moved){

            return true;

        }

    }

    return false;

}

simple but works for your needs.

Improve this answer

1 Comment

also you could loop through your upload field names and call this function in your loop - modified to work with Axels loop
0

Documentation: PHP File Uploads

This works:

<?php
    if(isset($_FILES['file']['tmp_name']))
    {
        $num_files = count($_FILES['file']['tmp_name']);
        for($i=0; $i < $num_files;$i++)
        {            
            if(!is_uploaded_file($_FILES['file']['tmp_name'][$i]))
            {
                $messages[] = 'No file uploaded';
            }
            else
            {               
                if(move_uploaded_file(($_FILES['file']['tmp_name'][$i],$upload_dir.'/'.$_FILES['file']['name'][$i]))
                {                    
                    $messages[] = $_FILES['file']['name'][$i].' uploaded';
                }
                else
                {                
                    $messages[] = 'Uploading '.$_FILES['file']['name'][$i].' Failed';
                }
            }
        }
    }
?>

Note: It's a good idea to validate the files using exif_imagetype(), getimagesize() and similar.. Every other value than $_FILES['image']['tmp_name'] and $_FILES['image']['error'] shouldn't be trusted. It takes whatever is sent from the browser and can easily be faked.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.