Join Up!
96807 members and counting!

 
downloads | documentation | faq | getting help | mailing lists | reporting bugs | php.net sites | links 
search for in the  
lookup:
Manual de PHPManual de PHP
FilesystemFilesystem
 basenamebasename
 chgrpchgrp
 chmodchmod
 chownchown
 clearstatcacheclearstatcache
 copycopy
 deletedelete
 dirnamedirname
 disk_free_spacedisk_free_space
 disk_total_spacedisk_total_space
 diskfreespacediskfreespace
 fclosefclose
 feoffeof
 fflushfflush
 fgetcfgetc
 fgetcsvfgetcsv
 fgetsfgets
 fgetssfgetss
 file_existsfile_exists
 file_get_contentsfile_get_contents
 filefile
 fileatimefileatime
 filectimefilectime
 filegroupfilegroup
 fileinodefileinode
 filemtimefilemtime
 fileownerfileowner
 filepermsfileperms
 filesizefilesize
 filetypefiletype
 flockflock
 fnmatchfnmatch
 fopenfopen
 fpassthrufpassthru
 fputsfputs
 freadfread
 fscanffscanf
 fseekfseek
 fstatfstat
 ftellftell
 ftruncateftruncate
 fwritefwrite
 globglob
 is_diris_dir
 is_executableis_executable
 is_fileis_file
 is_linkis_link
 is_readableis_readable
 is_uploaded_fileis_uploaded_file
 is_writableis_writable
 is_writeableis_writeable
 linklink
 linkinfolinkinfo
 lstatlstat
 mkdirmkdir
 move_uploaded_filemove_uploaded_file
 parse_ini_fileparse_ini_file
 pathinfopathinfo
 pclosepclose
 popenpopen
 readfilereadfile
 readlinkreadlink
 realpathrealpath
 renamerename
 rewindrewind
 rmdirrmdir
 set_file_bufferset_file_buffer
 statstat
 stream_get_meta_datastream_get_meta_data
 stream_register_wrapperstream_register_wrapper
 stream_set_blockingstream_set_blocking
 stream_set_timeoutstream_set_timeout
 stream_set_write_bufferstream_set_write_buffer
 symlinksymlink
 tempnamtempnam
 tmpfiletmpfile
 touchtouch
 umaskumask
 unlinkunlink
previousis_readableis_writablenext
Last updated: Tue, 29 Oct 2002
view the printer friendly version or the printer friendly version with notes or change language to Czech | Finnish | German

is_uploaded_file

(PHP 3>= 3.0.17, PHP 4 >= 4.0.3)

is_uploaded_file -- Tells whether the file was uploaded via HTTP POST

Description

bool is_uploaded_file ( string filename)

Returns TRUE if the file named by filename was uploaded via HTTP POST. This is useful to help ensure that a malicious user hasn't tried to trick the script into working on files upon which it should not be working--for instance, /etc/passwd.

This sort of check is especially important if there is any chance that anything done with uploaded files could reveal their contents to the user, or even to other users on the same system.

is_uploaded_file() is available only in versions of PHP 3 after PHP 3.0.16, and in versions of PHP 4 after 4.0.2. If you are stuck using an earlier version, you can use the following function to help protect yourself:

Nota: The following example will not work in versions of PHP 4 after 4.0.2. It depends on internal functionality of PHP which changed after that version. 

<?php
/* Userland test for uploaded file. */
function is_uploaded_file($filename) {
    if (!$tmp_file = get_cfg_var('upload_tmp_dir')) {
        $tmp_file = dirname(tempnam('', ''));
    }
    $tmp_file .= '/' . basename($filename);
    /* User might have trailing slash in php.ini... */
    return (ereg_replace('/+', '/', $tmp_file) == $filename);
}

/* This is how to use it, since you also don't have
 * move_uploaded_file() in these older versions: */
if (is_uploaded_file($HTTP_POST_FILES['userfile'])) {
    copy($HTTP_POST_FILES['userfile'], "/place/to/put/uploaded/file");
} else {
    echo "Possible file upload attack: filename '$HTTP_POST_FILES[userfile]'.";
}
?>

See also move_uploaded_file(), and the section Handling file uploads for a simple usage example.

User Contributed Notes
is_uploaded_file		 add a note about notes
There are no user contributed notes for this page.
previousis_readableis_writablenext
Last updated: Tue, 29 Oct 2002
Copyright © 2001, 2002 The PHP Group
All rights reserved.		 This mirror generously provided by: http://phpbuilder.com/
Last updated: Thu Oct 31 18:34:28 2002 EST