FileUpload

Last update:

May 18, 2026

Description

Uploads file to a directory on the server.

Returns

Struct that contains the result (or status) of file upload.For details of what the struct contains, see the usage section of cffile action = "upload".

Function syntax

FileUpload(destination, fileField, accept, nameConflict, strict, allowedExtensions, continueOnError)

History

ColdFusion (2025 release): Added the parameter continueOnError.
ColdFusion (2018 release) Update 3, ColdFusion (2016 release) Update 10, ColdFusion 11 Update 18: Added the parameter allowedExtensions.
ColdFusion 9.0.1: Added this function.

Parameters

Value	Description
destination	Path of directory in which to upload the file. If not an absolute path (starting with a drive letter and a colon, or a forward or backward slash), it is relative to the ColdFusion temporary directory returned by the function getTempDirectory. If the destination you specify does not exist, ColdFusion creates a file with the specified destination name. For example, if you specify the destination C:\XYZ, ColdFusion creates a file XYZ in the C: drive.
accept	Limits the MIME types to accept. It is a comma-delimited list. For example, the following code permits JPEG and Microsoft Word file uploads :" image/jpg ,application / msword ". When strict="true" If strict is true and the mime type is specified in the accept attribute, the file does not get uploaded if the extension is blocked in the server or application settings. When strict="false" And you provide a file extension in the attribute accept, the extension overrides the blocked extension list in the server or application settings. The file then gets uploaded. And you try to upload a file and the mime type is specified in the accept attribute, the file does not get uploaded. The file that you are trying to upload has it’s extension blocked in the Administrator/Application-level settings. Values specified in the attribute allowedExtensions override the list of blocked extensions in the server or application settings.
nameConflict	Action to take if file has the same name of a file in the directory. Error: File is not saved. ColdFusion stops processing the page and returns an error. Skip: File is not saved. This option permits custom behavior based on file properties. Overwrite: Replaces file. MakeUnique: Forms a unique filename for the upload; name is stored in the file object variable serverFile.
allowedExtensions	A comma-separated list of file extensions, which will be allowed for upload. For example, .png, .jpg, or, .jpeg. You can use "*" (star) to allow all files, except where you specify the MIME type in the accept attribute. Values specified in the parameter allowedExtensions overrides the list of blocked extensions in the server or application settings.
fileField	Name of form field used to select the file. Do not use number signs (#) to specify the field name.
strict	strict="false" If strict is false, and you provide a file extension in the attribute accept, the extension overrides the blocked extension list in the server or application settings. The file then gets uploaded. If you provide a MIME type in the attribute accept, and the extension of the file you are trying to upload is blocked in the Administrator/Application-level settings, the file does not get uploaded. For example, If you have blocked file type CFM in the ColdFusion Administrator and specified accept=".cfm" in the tag, and when you try uploading a CFM file, the file gets uploaded. If you have blocked file type CFM in the ColdFusion Administrator and specified accept= ”text /x- coldfusion ” in the tag, and when you try uploading a CFM file, the file gets blocked. strict="true" If strict is true and the mime type is specified in the accept attribute, the file does not get uploaded if the extension is blocked in the server or application settings. For example, if you have blocked file type CFM in the ColdFusion Administrator and specified accept= ”text /x- coldfusion ” and strict=”true ” , and you try uploading a cfm file, the file does not get uploaded. Values specified in the attribute allowedExtensions overrides the list of blocked extensions in the server or application settings.
continueOnError	When set to true, the file upload continues even after encountering an upload error. A file upload error happens due to the following reasons: Empty file Invalid file type Invalid MIME or extension File already exists In the case of an upload failure, the error details will be stored in the errors attribute.

Usage

cffile action = "upload"

Example

<cfscript> 

   upload = FileUpload("C:\location\",

            "fileData",

            "text/x-coldfusion",

            "Overwrite", 

            true, 

            ".cfm, .png");

   writeDump(upload);

</cfscript>

Example- using continueOnError

<form method="post" enctype="multipart/form-data">

  <input type="file" name="fileInput">

  <button type="submit">Upload</button>

</form>

<cfscript>

  if( structKeyExists( form, "fileInput" )) {

    try {

      uploadedFile = FileUpload(destination="C:\Code",fileField="fileInput",mimeType="*",onConflict="Error",continueOnError="true" strict="true",allowedExtensions=".jpg");

      // check the file extension of the uploaded file; mime types can be spoofed

      if (not listFindNoCase("jpg,jpeg", uploadedFile.serverFileExt)) {

      throw("The uploaded file is not of type JPG.");

      }

      // do stuff with uploadedFile...

    } catch ( coldfusion.tagext.io.FileUtils$InvalidUploadTypeException e ) {

      writeOutput( "This upload form only accepts JPEG files." );

    }

    catch (any e) {

    writeOutput( "An error occurred while uploading your file: #e.message#" );

    }

  }

  writeDump(abcd);

</cfscript>

This sample code provides a basic file upload form and server-side processing to handle the uploaded file in ColdFusion. It checks for the presence of a file, attempts to upload it to a specified directory, validates the file extension, and handles errors appropriately.

Was this page helpful?

We're glad. Tell us how this page helped.

Found the answer to my problem Understood the instructions Liked the feature

Other suggestions

We're sorry. Can you tell us what didn't work for you?

Didn't find the answer to my problem Couldn't understand the instructions Didn't like the feature

Other suggestions

Thank you for your feedback. Your response will help improve this page.

Was this helpful?

We are sorry the content didn't meet your needs.

Share additional feedback to help us improve.

0/255 | Character limit exceeded.

Thank you so much for sharing your feedback!