Page 1 of 1
Is_Uploaded_File
Posted: Fri Jun 13, 2003 8:29 pm
by Templeton Peck
Hey,
trying to test to see if there's an uploaded file:
Code: Select all
if(Is_Uploaded_File($_Filesї'userfile']ї'name']))
{
// do stuff with file here
}
else
{
// no file blah blah blah
}
it always hit the else statement even though there's a file uploaded, can someone tell me why? If i just skip the Is_Uploaded_statement and do whatever with the uploaded file I want it works fine.
Posted: Fri Jun 13, 2003 8:58 pm
by cactus
Is there data in $_Files['userfile']['name'] ? What is the data in this var ?
Regards,
Posted: Fri Jun 13, 2003 9:02 pm
by Templeton Peck
var_dump reveals the data in the var is the name of the file that was uploaded, as it should be?
Posted: Fri Jun 13, 2003 9:11 pm
by cactus
What version of PHP are you using ?
Regards,
Posted: Fri Jun 13, 2003 9:16 pm
by Templeton Peck
version 4.3.1
Posted: Fri Jun 13, 2003 9:24 pm
by cactus
Did you use the code supplied in the manual:
Code: Select all
/* Userland test for uploaded file. */
function is_uploaded_file($filename) {
if (!$tmp_file = get_cfg_var('upload_tmp_dir')) {
$tmp_file = dirname(tempnam('', ''));
}
$tmp_file .= '/' . basename($filename);
/* User might have trailing slash in php.ini... */
return (ereg_replace('/+', '/', $tmp_file) == $filename);
}
/* This is how to use it, since you also don't have
* move_uploaded_file() in these older versions: */
if (is_uploaded_file($HTTP_POST_FILES['userfile'])) {
copy($HTTP_POST_FILES['userfile'], "/place/to/put/uploaded/file");
} else {
echo "Possible file upload attack: filename '$HTTP_POST_FILES[userfile]'.";
}
Because of:
Note: The following example will not work in versions of PHP 4 after 4.0.2. It depends on internal functionality of PHP which changed after that version.
http://uk2.php.net/manual/en/function.i ... d-file.php
Regards,
Posted: Fri Jun 13, 2003 9:32 pm
by Templeton Peck
I didn't use that function, I just used the Is_Uploaded_File($filename) as stated in my first post
Posted: Fri Jun 13, 2003 9:38 pm
by cactus
Appologies, it's getting late
Assign the check to a variable:
Code: Select all
$status = Is_Uploaded_File($_Files['userfile']['name']);
Var dump $status to see what it returns.
Regards,
Posted: Fri Jun 13, 2003 10:44 pm
by Templeton Peck
It shows false in status, but how come I can work with the uploaded file???
Posted: Sat Jun 14, 2003 3:14 am
by twigletmac
PHP is case sensitive so $_Files is not the same as $_FILES.
Mac
Posted: Sat Jun 14, 2003 3:38 am
by Templeton Peck
It was capitalized in my code.. still comes out false!
Posted: Sat Jun 14, 2003 3:42 am
by volka
the local (server-side) file name is stored under the key 'tmp_name' not 'name'
http://www.php.net/manual/en/features.file-upload.php$_FILES['userfile']['name']
The original name of the file on the client machine.
$_FILES['userfile']['type']
The mime type of the file, if the browser provided this information. An example would be "image/gif".
$_FILES['userfile']['size']
The size, in bytes, of the uploaded file.
$_FILES['userfile']['tmp_name']
The temporary filename of the file in which the uploaded file was stored on the server.
$_FILES['userfile']['error']
The error code associated with this file upload. ['error'] was added in PHP 4.2.0
Posted: Sat Jun 14, 2003 7:23 am
by cactus
Cheers Volka, appologies to the OP, was very late lastnight, I should have left it and gone to bed
Regards,
Posted: Sat Jun 14, 2003 12:17 pm
by Judas
and so for those who still don't get it.
Code: Select all
if(Is_Uploaded_File($_FILES['userfile']['tmp_name']))
{
// do stuff with file here
}
else
{
// no file blah blah blah
}
[Admin Edit, changed $_Files to $_FILES - they are not the same thing and added PHP tags]
Posted: Sat Jun 14, 2003 3:17 pm
by Templeton Peck
thanks to everyone for helping out
