Best method of moving an uploaded file in PHP?

Question

I have a php script which uses this below when a user uploads a photo:

if (is_uploaded_file($HTTP_POST_FILES['picture1']['tmp_name'])) {
   move_uploaded_file($HTTP_POST_FILES['picture1']['tmp_name'], $full_file_path);
}

I am curious, should I be using this instead? IF so, is there any benefits?

if (is_uploaded_file($HTTP_POST_FILES['picture1']['tmp_name'])) {
   copy($HTTP_POST_FILES['picture1']['tmp_name'], $full_file_path);
}

Also when a script ends is the file located @ $HTTP_POST_FILES['picture1']['tmp_name'] automaticly deleted?

Answer 1

The move_uploaded_file has benefits like it checks to make sure that the file is a valid upladed file, which is important:

This sort of check is especially important if there is any chance that anything done with uploaded files could reveal their contents to the user, or even to other users on the same system. - PHP Documentation

Also, instead of copying data, you are just moving it. This means less overall data being created.

2nd Question: Yes, the file is deleted after the script finishes, meaning PHP can't access it unless you move it.

Answer 2

First of all, you should use $_FILES instead of $HTTP_POST_FILES. The latter has been deprecated and it will be removed from the PHP platform as of PHP 6.

Secondly, use move_uploaded_file(), as it does extra security checks compared to copy(). I don't know exactly what that means but that's what the manual says.