In your final instructions, you have $_FILES['name']['tmp_name']
instead of $_FILES['file']['tmp_name']
.
By the way, you have a few errors in your script:
- Even if someone uploads an invalid file, you show them an error message, but you still move it to the final place.
$_FILES["file"]["type"]
is a value sent by the browser (ie: the client). A malicious attacker may sent you any kind of file and disguise it as aimage/png
, and you are trusting it. You cannot trust this value. Instead, you could usegetimagesize
, which returns you an array that has the mime type of the image (and is detected by the server (ie: by you). To detect the mime-type of non-images, you can useFileInfo
, concretelyfinfo_file
.
Also, the php script will not create your uploads
folder if it does not exist, and instead will show an error (and do nothing). You must create this folder first, and make sure that the user running your php script (usually the same that is running your http server) has write permissions on that directory.
edit: You don't see any uploaded file in your temp directory because (quoting http://www.php.net/manual/en/features.file-upload.post-method.php):
The file will be deleted from the temporary directory at the end of the request if it has not been moved away or renamed.