Rename an uploaded file with PHP but keep the extension

Question

I'm using PHP to upload an image from a form to the server and want to rename the image lastname_firstname.[original extension]. I currently have:

move_uploaded_file($_FILES["picture"]["tmp_name"], "peopleimages/" . "$_POST[lastname]" . '_' . "$_POST[firstname]")

which, of course, renames the file lastname_firstname without an extension. How do I rename the file but keep the extension?

Thanks!

Answer 1

You need to first find out what the original extension was ;-)

To do that, the pathinfo function can do wonders ;-)

Quoting the example that's given in the manual :

$path_parts = pathinfo('/www/htdocs/index.html');
echo $path_parts['dirname'], "\n";
echo $path_parts['basename'], "\n";
echo $path_parts['extension'], "\n";
echo $path_parts['filename'], "\n"; // since PHP 5.2.0

Will give you :

/www/htdocs
index.html
html
index

As a sidenote, don't forget about security :

• In your case, you should escape $_POST[lastname], to make sure it only contains valid characters
  • And, BTW, you should use $_POST['lastname'] -- see Why is $foo[bar] wrong?
• You should also check that the file is an image
  • See mime_content_type for PHP < 5.3
  • And/or finfo_file for PHP >= 5.3

Answer 2

move_uploaded_file($_FILES["picture"]["tmp_name"], "peopleimages/" . "$_POST[lastname]" . '_' . "$_POST[firstname]." . pathinfo($_FILES["picture"]["tmp_name"], PATHINFO_EXTENSION));

Answer 3

First, find the extension:

$pos = strrpos($filename, '.');
if($pos === false)
    $ext = ""; // file has no extension; do something special?
$ext = substr($filename, $pos); // includes the period in the extension; do $pos + 1 if you don't want it

Then call your file anyhow you want, and append to the name the extension:

$newFilename = "foobar" . $ext;
move_uploaded_file($_FILES['picture']['tmp_name'], 'peopleimages/' . $newFilename);

---

EDIT Thinking of it, none of this is optimal. File extensions most often describe the file type, but this is not always the case. For instance, you could rename a .png file to a .jpg extension, and most applications would still detect it is as a png file. Other than that, certain OSes simply don't use file extensions to determine the type of a file.

With $_FILE uploads, you are also given a type element which represents the MIME type of the file you've received. If you can, I suggest you rely on it instead of on the given extension:

$imagetypes = array(
    'image/png' => '.png',
    'image/gif' => '.gif',
    'image/jpeg' => '.jpg',
    'image/bmp' => '.bmp');
$ext = $imagetypes[$_FILES['myfile']['type']];

You can have a more complete list of MIME types here.

Answer 4

you could always:

$original = explode('.', $_FILES["picture"]["tmp_name"]);
$extension = array_pop($original);

move_uploaded_file($_FILES["picture"]["tmp_name"], "peopleimages/" . "$_POST[lastname]" . '_' . "$_POST[firstname]". $extension);

Answer 5

You can try:

move_uploaded_file($_FILES["picture"]["tmp_name"], "peopleimages/" . "$_POST[lastname]" . '_' . "$_POST[firstname]".".".end(explode(".", $_FILES["picture"]["tmp_name"])))

or as Niels Bom suggested

$filename=$_FILES["picture"]["tmp_name"];
$extension=end(explode(".", $filename));
$newfilename="$_POST[lastname]" . '_' . "$_POST[firstname]".".".$extension;
move_uploaded_file($filename, "peopleimages/" .$newfilename);

Answer 6

Dont forget if you are allowing people to upload arbitrary files, without checking the, extension, they can perfectly well upload a .php file and execute code on your server ;)

The .htaccess rules to deny php execution inside a certain folder is something like this (tailor for your setup)..

AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI

Put this into a .htaccess file into the folder where you are uploading files.

Otherwise, just bear in mind that files may have more than one "." in them, and you should be golden.