8.10.2 Checking uploaded files: is_uploaded_file()This is NOT the latest copy of this book; click here for the latest version.
bool is_uploaded_file ( string filename)
The move_uploaded_file() function is basically the same as the rename() function with the difference that it only succeeds if the file was just uploaded by the PHP script - this adds extra security to your script, by stopping people trying to move secure data, such as password files, into a public directory.
If you want to perform this check yourself, use the is_uploaded_file() function - it takes a filename as its sole parameter, and returns true if the file was uploaded by the script and false if not. Here is a simple example:
if (is_uploaded_file($somefile)) {
copy($somefile, "/var/www/userfiles/$somefile");
}
If you just want to check whether a file was uploaded before you move it, move_uploaded_file() is better.
|
Want to see this stuff in print? PHP in a Nutshell takes the core topics covered here, adds in thousands of edits from the editorial team and myself, and combines them to make an unbeatable reference for PHP programmers at all levels.
My latest book has hundreds more tips on how to use PHP, Apache, and MySQL, plus Perl, Python, shell scripts, performance tuning, and more!
|
