If you are a PHP programmer, it is inevitable to use move_uploaded_file in PHP projects.
move_uploaded_file is used to handle file uploading. It seems a straightforward process, however it has been given hard time to a lot of developers.
In this tutorial, we will go through some very common issues when using move_uploaded_file. And hopefully it will make your life easier when using this function. Even more, it might help you solve some of your existing bugs.

Please note this tutorial is not a completed task oriented article, it is a FAQ section we have concluded through research.

Table Of Content


  1. form
  2. safe_mode
  3. open_basedir
  4. permission denied
  5. max upload size
  6. The End

Content


1.form

enctype='multipart/form-data'

This is probably the most common mistake developers have made when using move_uploaded_file function. move_uploaded_file handles file submitted from a form. But in a lot of cases, developers simply forget to to encode the files using enctype='multipart/form-data' in the form.

Always remember add enctype='multipart/form-data' in the form tag if the form has a file field:

2.safe_mode

...Warning: move_uploaded_file(): SAFE MODE Restriction in effect...

If you have encountered above similar error message. It basically means that the directory which the file is being moved to is owned by a different user (UID) than PHP script.

This error may happen in a lot of scenarios and mostly in shared-server environment. For example, you are using PHP script to create a folder to contain the uploaded folder, however when you try to use move_uploaded_file() function after creating the container folder, you will see the error message ...Warning: move_uploaded_file(): SAFE MODE Restriction in effect... if the safe_mode is enabled.

The solution for this situation is to disable safe_mode globally or at least on the destination folder.

  • Disable it globally:
    1. Open up php.ini.
      Find the following line: safe_mode
    2. Turning safe mode off.
    3. Restart the server.
  • Disable it on the destination folder:
    1. Create a .htaccess file on the destination folder.
    2. Insert this line into .htaccess file:
      OR

However, regarding to PHP manual, this feature is is architecturally incorrect and removed since PHP 5.3. So alternatively upgrade PHP version to 5.3 + will be able to get around this problem.

The PHP safe mode is an attempt to solve the shared-server security problem. It is architecturally incorrect to try to solve this problem at the PHP level, but since the alternatives at the web server and OS levels aren't very realistic, many people, especially ISP's, use safe mode for now.

3. open_basedir

...Warning: move_uploaded_file() [function.move-uploaded-file]: open_basedir restriction...

If you have encountered above similar error message. You are probably using open_basedir for security reason. open_basedir limits the files that can be opened by PHP within a directory-tree.

To solve this problem, you will need to add the directory where the files are being moved to, to open_basedir allowed paths.
You can do this easily using the Apache (assuming this is your web server) configuration file (e.g. httpd.conf):

According to PHP manual, from PHP 5.3, we can set the path at run-time using ini_set():

As of PHP 5.3.0 open_basedir can be tightened at run-time. This means that if open_basedir is set to /www/ in php.ini a script can tighten the configuration to /www/tmp/ at run-time with ini_set()

4.permission denied

...failed to open stream: Permission denied...

If you have encountered above similar error message. It means move_uploaded_files is trying to move files to a folder which it does not have access right.

To solve this problem, you can set permission of the destination folder to 777.

5.max upload size

Sometimes move_uploaded_file does not return any file, and it does not give any error messages either. Maybe it is time to take a look at the post_max_size and upload_max_filesize in PHP info. And compare these two values to the files' size you are trying to upload. To check PHP info, use
If these two values are smaller than the files' size, you will need to increase them.

You can set these two values in php.ini(if you have the access), .htaccess or even at run-time.

  • php.ini
    1. Open up php.ini.
      Find the following line: safe_mode
    2. Find.
    3. Increase these two values as you need.
    4. Restart the server.
  • .htaccess
    1. Create a .htaccess file on the folder which the uploading script resides in.
    2. Set the value using following lines:
  • Run-time:
    Inside the script before move_uploaded_file function, do:

post_max_size must be larger than upload_max_filesize. If this still does not change the situation, you can try to change memory_limit and max_execution_time value. The way to do it is identical as those other two values.

6.The End

Thank you for reading this article, and if you have any encountered anything different, have a different solution or think our solution is wrong, do let us know in the comment section.
We will be very happy to hear that.

If you like our tutorial, please follow us on Twitter and help spread the word. We need your support to continue.

You might also want to check out course Uploading Files Securely with PHP from lynda.com.