<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <HTML ><HEAD ><TITLE >is_uploaded_file</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK REL="HOME" TITLE="Manual PHP" HREF="index.html"><LINK REL="UP" TITLE="Filesystem Functions" HREF="ref.filesystem.html"><LINK REL="PREVIOUS" TITLE="is_readable" HREF="function.is-readable.html"><LINK REL="NEXT" TITLE="is_writable" HREF="function.is-writable.html"><META HTTP-EQUIV="Content-type" CONTENT="text/html; charset=ISO-8859-2"></HEAD ><BODY CLASS="refentry" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >Manual PHP</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="function.is-readable.html" ACCESSKEY="P" >Înapoi</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" ></TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="function.is-writable.html" ACCESSKEY="N" >Înainte</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><H1 ><A NAME="function.is-uploaded-file" ></A >is_uploaded_file</H1 ><DIV CLASS="refnamediv" ><A NAME="AEN29062" ></A ><P > (PHP 3>= 3.0.17, PHP 4 >= 4.0.3, PHP 5)</P >is_uploaded_file -- Tells whether the file was uploaded via HTTP POST</DIV ><DIV CLASS="refsect1" ><A NAME="AEN29065" ></A ><H2 >Description</H2 >bool <B CLASS="methodname" >is_uploaded_file</B > ( string filename)<BR ></BR ><P > Returns <TT CLASS="constant" ><B >TRUE</B ></TT > if the file named by <VAR CLASS="parameter" >filename</VAR > was uploaded via HTTP POST. This is useful to help ensure that a malicious user hasn't tried to trick the script into working on files upon which it should not be working--for instance, <TT CLASS="filename" >/etc/passwd</TT >. </P ><P > This sort of check is especially important if there is any chance that anything done with uploaded files could reveal their contents to the user, or even to other users on the same system. </P ><P > <B CLASS="function" >is_uploaded_file()</B > is available only in versions of PHP 3 after PHP 3.0.16, and in versions of PHP 4 after 4.0.2. If you are stuck using an earlier version, you can use the following function to help protect yourself: <DIV CLASS="note" ><BLOCKQUOTE CLASS="note" ><P ><B >Notã: </B > The following example will <SPAN CLASS="emphasis" ><I CLASS="emphasis" >not</I ></SPAN > work in versions of PHP 4 after 4.0.2. It depends on internal functionality of PHP which changed after that version. </P ></BLOCKQUOTE ></DIV > </P ><TABLE WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" CLASS="EXAMPLE" ><TR ><TD ><DIV CLASS="example" ><A NAME="AEN29083" ></A ><P ><B >Exemplu 1. <B CLASS="function" >is_uploaded_file()</B > example</B ></P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" CELLPADDING="5" ><TR ><TD ><code><font color="#000000"> <font color="#0000BB"><?php<br /></font><font color="#FF8000">/* Userland test for uploaded file. */<br /></font><font color="#007700">function </font><font color="#0000BB">is_uploaded_file</font><font color="#007700">(</font><font color="#0000BB">$filename</font><font color="#007700">) <br />{<br /> if (!</font><font color="#0000BB">$tmp_file </font><font color="#007700">= </font><font color="#0000BB">get_cfg_var</font><font color="#007700">(</font><font color="#DD0000">'upload_tmp_dir'</font><font color="#007700">)) {<br /> </font><font color="#0000BB">$tmp_file </font><font color="#007700">= </font><font color="#0000BB">dirname</font><font color="#007700">(</font><font color="#0000BB">tempnam</font><font color="#007700">(</font><font color="#DD0000">''</font><font color="#007700">, </font><font color="#DD0000">''</font><font color="#007700">));<br /> }<br /> </font><font color="#0000BB">$tmp_file </font><font color="#007700">.= </font><font color="#DD0000">'/' </font><font color="#007700">. </font><font color="#0000BB">basename</font><font color="#007700">(</font><font color="#0000BB">$filename</font><font color="#007700">);<br /> </font><font color="#FF8000">/* User might have trailing slash in php.ini... */<br /> </font><font color="#007700">return (</font><font color="#0000BB">ereg_replace</font><font color="#007700">(</font><font color="#DD0000">'/+'</font><font color="#007700">, </font><font color="#DD0000">'/'</font><font color="#007700">, </font><font color="#0000BB">$tmp_file</font><font color="#007700">) == </font><font color="#0000BB">$filename</font><font color="#007700">);<br />}<br /><br /></font><font color="#FF8000">/* This is how to use it, since you also don't have<br /> * move_uploaded_file() in these older versions: */<br /></font><font color="#007700">if (</font><font color="#0000BB">is_uploaded_file</font><font color="#007700">(</font><font color="#0000BB">$HTTP_POST_FILES</font><font color="#007700">[</font><font color="#DD0000">'userfile'</font><font color="#007700">])) {<br /> </font><font color="#0000BB">copy</font><font color="#007700">(</font><font color="#0000BB">$HTTP_POST_FILES</font><font color="#007700">[</font><font color="#DD0000">'userfile'</font><font color="#007700">], </font><font color="#DD0000">"/place/to/put/uploaded/file"</font><font color="#007700">);<br />} else {<br /> echo </font><font color="#DD0000">"Possible file upload attack: filename '$HTTP_POST_FILES</font><font color="#007700">[</font><font color="#DD0000">userfile</font><font color="#007700">]</font><font color="#DD0000">'."</font><font color="#007700">;<br />}<br /></font><font color="#0000BB">?></font> </font> </code></TD ></TR ></TABLE ></DIV ></TD ></TR ></TABLE ><P > See also <A HREF="function.move-uploaded-file.html" ><B CLASS="function" >move_uploaded_file()</B ></A >, and the section <A HREF="features.file-upload.html" >Handling file uploads</A > for a simple usage example. </P ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="function.is-readable.html" ACCESSKEY="P" >Înapoi</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" ACCESSKEY="H" >Acasã</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="function.is-writable.html" ACCESSKEY="N" >Înainte</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >is_readable</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="ref.filesystem.html" ACCESSKEY="U" >Sus</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >is_writable</TD ></TR ></TABLE ></DIV ></BODY ></HTML >