Sophie

Sophie

distrib > PLD > ac > amd64 > media > dist > by-pkgid > dd8ef74e7a184506d40e4328053fb785 > files > 1512

php-manual-ro-20051028-1.noarch.rpm

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>is_uploaded_file</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="Manual PHP"
HREF="index.html"><LINK
REL="UP"
TITLE="Filesystem Functions"
HREF="ref.filesystem.html"><LINK
REL="PREVIOUS"
TITLE="is_readable"
HREF="function.is-readable.html"><LINK
REL="NEXT"
TITLE="is_writable"
HREF="function.is-writable.html"><META
HTTP-EQUIV="Content-type"
CONTENT="text/html; charset=ISO-8859-2"></HEAD
><BODY
CLASS="refentry"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Manual PHP</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="function.is-readable.html"
ACCESSKEY="P"
>Înapoi</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="function.is-writable.html"
ACCESSKEY="N"
>Înainte</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><H1
><A
NAME="function.is-uploaded-file"
></A
>is_uploaded_file</H1
><DIV
CLASS="refnamediv"
><A
NAME="AEN29062"
></A
><P
>    (PHP 3&#62;= 3.0.17, PHP 4 &#62;= 4.0.3, PHP 5)</P
>is_uploaded_file&nbsp;--&nbsp;Tells whether the file was uploaded via HTTP POST</DIV
><DIV
CLASS="refsect1"
><A
NAME="AEN29065"
></A
><H2
>Description</H2
>bool <B
CLASS="methodname"
>is_uploaded_file</B
> ( string filename)<BR
></BR
><P
>&#13;     Returns <TT
CLASS="constant"
><B
>TRUE</B
></TT
> if the file named by <VAR
CLASS="parameter"
>filename</VAR
> was
     uploaded via HTTP POST. This is useful to help ensure that a
     malicious user hasn't tried to trick the script into working on
     files upon which it should not be working--for instance,
     <TT
CLASS="filename"
>/etc/passwd</TT
>.
    </P
><P
>&#13;     This sort of check is especially important if there is any chance
     that anything done with uploaded files could reveal their
     contents to the user, or even to other users on the same
     system.
    </P
><P
>&#13;     <B
CLASS="function"
>is_uploaded_file()</B
> is available only in
     versions of PHP 3 after PHP 3.0.16, and in versions of PHP 4
     after 4.0.2. If you are stuck using an earlier version, you can
     use the following function to help protect yourself:
     <DIV
CLASS="note"
><BLOCKQUOTE
CLASS="note"
><P
><B
>Not&#227;: </B
>
       The following example will <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>not</I
></SPAN
> work in
       versions of PHP 4 after 4.0.2. It depends on internal
       functionality of PHP which changed after that version.
      </P
></BLOCKQUOTE
></DIV
>
    </P
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
CLASS="EXAMPLE"
><TR
><TD
><DIV
CLASS="example"
><A
NAME="AEN29083"
></A
><P
><B
>Exemplu 1. <B
CLASS="function"
>is_uploaded_file()</B
> example</B
></P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
CELLPADDING="5"
><TR
><TD
><code><font color="#000000">
<font color="#0000BB">&lt;?php<br /></font><font color="#FF8000">/* Userland test for uploaded file. */<br /></font><font color="#007700">function </font><font color="#0000BB">is_uploaded_file</font><font color="#007700">(</font><font color="#0000BB">$filename</font><font color="#007700">) <br />{<br />&nbsp;&nbsp;&nbsp;&nbsp;if (!</font><font color="#0000BB">$tmp_file </font><font color="#007700">= </font><font color="#0000BB">get_cfg_var</font><font color="#007700">(</font><font color="#DD0000">'upload_tmp_dir'</font><font color="#007700">)) {<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</font><font color="#0000BB">$tmp_file </font><font color="#007700">= </font><font color="#0000BB">dirname</font><font color="#007700">(</font><font color="#0000BB">tempnam</font><font color="#007700">(</font><font color="#DD0000">''</font><font color="#007700">, </font><font color="#DD0000">''</font><font color="#007700">));<br />&nbsp;&nbsp;&nbsp;&nbsp;}<br />&nbsp;&nbsp;&nbsp;&nbsp;</font><font color="#0000BB">$tmp_file </font><font color="#007700">.= </font><font color="#DD0000">'/' </font><font color="#007700">. </font><font color="#0000BB">basename</font><font color="#007700">(</font><font color="#0000BB">$filename</font><font color="#007700">);<br />&nbsp;&nbsp;&nbsp;&nbsp;</font><font color="#FF8000">/* User might have trailing slash in php.ini... */<br />&nbsp;&nbsp;&nbsp;&nbsp;</font><font color="#007700">return (</font><font color="#0000BB">ereg_replace</font><font color="#007700">(</font><font color="#DD0000">'/+'</font><font color="#007700">, </font><font color="#DD0000">'/'</font><font color="#007700">, </font><font color="#0000BB">$tmp_file</font><font color="#007700">) == </font><font color="#0000BB">$filename</font><font color="#007700">);<br />}<br /><br /></font><font color="#FF8000">/* This is how to use it, since you also don't have<br /> * move_uploaded_file() in these older versions: */<br /></font><font color="#007700">if (</font><font color="#0000BB">is_uploaded_file</font><font color="#007700">(</font><font color="#0000BB">$HTTP_POST_FILES</font><font color="#007700">[</font><font color="#DD0000">'userfile'</font><font color="#007700">])) {<br />&nbsp;&nbsp;&nbsp;&nbsp;</font><font color="#0000BB">copy</font><font color="#007700">(</font><font color="#0000BB">$HTTP_POST_FILES</font><font color="#007700">[</font><font color="#DD0000">'userfile'</font><font color="#007700">], </font><font color="#DD0000">"/place/to/put/uploaded/file"</font><font color="#007700">);<br />} else {<br />&nbsp;&nbsp;&nbsp;&nbsp;echo </font><font color="#DD0000">"Possible file upload attack: filename '$HTTP_POST_FILES</font><font color="#007700">[</font><font color="#DD0000">userfile</font><font color="#007700">]</font><font color="#DD0000">'."</font><font color="#007700">;<br />}<br /></font><font color="#0000BB">?&gt;</font>
</font>
</code></TD
></TR
></TABLE
></DIV
></TD
></TR
></TABLE
><P
>&#13;     See also <A
HREF="function.move-uploaded-file.html"
><B
CLASS="function"
>move_uploaded_file()</B
></A
>, and the section
     <A
HREF="features.file-upload.html"
>Handling file uploads</A
>
     for a simple usage example.
    </P
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="function.is-readable.html"
ACCESSKEY="P"
>Înapoi</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Acas&#227;</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="function.is-writable.html"
ACCESSKEY="N"
>Înainte</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>is_readable</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="ref.filesystem.html"
ACCESSKEY="U"
>Sus</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>is_writable</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional