Is_Uploaded_File

Posted: Fri Jun 13, 2003 8:29 pm
by Templeton Peck
Hey,

trying to test to see if there's an uploaded file:

Code:

if(Is_Uploaded_File($_Files['userfile']['name']))
{
      // do stuff with file here
}

else
{
   // no file blah blah blah

}

It always hits the else statement even though there's a file uploaded. Can someone tell me why? If I just skip the Is_Uploaded_statement and do whatever with the uploaded file I want, it works fine.

Posted: Fri Jun 13, 2003 8:58 pm
by cactus
Is there data in $_Files['userfile']['name']? What is the data in this var?

Regards,

Posted: Fri Jun 13, 2003 9:02 pm
by Templeton Peck
var_dump reveals the data in the var is the name of the file that was uploaded, as it should be?

Posted: Fri Jun 13, 2003 9:11 pm
by cactus
What version of PHP are you using?

Regards,

Posted: Fri Jun 13, 2003 9:16 pm
by Templeton Peck
version 4.3.1

Posted: Fri Jun 13, 2003 9:24 pm
by cactus
Did you use the code supplied in the manual:

Code:

/* Userland test for uploaded file. */
function is_uploaded_file($filename) {
    if (!$tmp_file = get_cfg_var('upload_tmp_dir')) {
        $tmp_file = dirname(tempnam('', ''));
    }
    $tmp_file .= '/' . basename($filename);
    /* User might have trailing slash in php.ini... */
    return (ereg_replace('/+', '/', $tmp_file) == $filename);
}

/* This is how to use it, since you also don't have
 * move_uploaded_file() in these older versions: */
if (is_uploaded_file($HTTP_POST_FILES['userfile'])) {
    copy($HTTP_POST_FILES['userfile'], "/place/to/put/uploaded/file");
} else {
    echo "Possible file upload attack: filename '$HTTP_POST_FILES[userfile]'.";
}

Because of:
Note: The following example will not work in versions of PHP 4 after 4.0.2. It depends on internal functionality of PHP which changed after that version.
http://uk2.php.net/manual/en/function.i ... d-file.php

Regards,

Posted: Fri Jun 13, 2003 9:32 pm
by Templeton Peck
I didn't use that function, I just used the Is_Uploaded_File($filename) as stated in my first post.

Posted: Fri Jun 13, 2003 9:38 pm
by cactus
Apologies, it's getting late 8O

Assign the check to a variable:

Code:

$status = Is_Uploaded_File($_Files['userfile']['name']);

Var dump $status to see what it returns.

Regards,

Posted: Fri Jun 13, 2003 10:44 pm
by Templeton Peck
It shows false in status, but how come I can work with the uploaded file???

Posted: Sat Jun 14, 2003 3:14 am
by twigletmac
PHP is case sensitive so $_Files is not the same as $_FILES.

Mac

Posted: Sat Jun 14, 2003 3:38 am
by Templeton Peck
It was capitalized in my code.. still comes out false!

Posted: Sat Jun 14, 2003 3:42 am
by volka
The local (server-side) file name is stored under the key 'tmp_name', not 'name'.
http://www.php.net/manual/en/features.file-upload.php

$_FILES['userfile']['name']
The original name of the file on the client machine.

$_FILES['userfile']['type']
The mime type of the file, if the browser provided this information. An example would be "image/gif".

$_FILES['userfile']['size']
The size, in bytes, of the uploaded file.

$_FILES['userfile']['tmp_name']
The temporary filename of the file in which the uploaded file was stored on the server.

$_FILES['userfile']['error']
The error code associated with this file upload. ['error'] was added in PHP 4.2.0

Posted: Sat Jun 14, 2003 7:23 am
by cactus
Cheers Volka, apologies to the OP, was very late last night, I should have left it and gone to bed :)

Regards,

Posted: Sat Jun 14, 2003 12:17 pm
by Judas
And so, for those who still don't get it:

Code:

if(Is_Uploaded_File($_FILES['userfile']['tmp_name'])) 
{ 
      // do stuff with file here 
} 

else 
{ 
   // no file blah blah blah 

}
[Admin Edit, changed $_Files to $_FILES - they are not the same thing and added PHP tags]
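
Added example (not part of the original thread, and not code from any poster): why the check belongs on 'tmp_name' and what to do with the client-supplied 'name'. It is written for current PHP; the field name 'userfile' comes from the posts above, while upload_status(), safe_client_name() and the sample array are hypothetical and constructed for illustration.

```php
<?php
/**
 * Decide whether $entry (one element of $_FILES) refers to a real HTTP upload.
 * Returns 'ok' or a short reason string.
 */
function upload_status(array $entry): string
{
    // 'error' exists since PHP 4.2.0; anything but UPLOAD_ERR_OK means no usable file.
    if (!isset($entry['error']) || $entry['error'] !== UPLOAD_ERR_OK) {
        return 'upload error or no file';
    }
    // 'tmp_name' is the server-side path PHP wrote. 'name' is the filename the
    // client sent and is never a path to check or open.
    if (!isset($entry['tmp_name']) || !is_uploaded_file($entry['tmp_name'])) {
        return 'tmp_name is not a file PHP received via HTTP POST';
    }
    return 'ok';
}

/** Reduce the client-supplied name to a safe label for storage or display. */
function safe_client_name(string $name): string
{
    $base = basename(str_replace('\\', '/', $name));         // drop any directory part
    $base = preg_replace('/[^A-Za-z0-9._-]/', '_', $base);   // keep a small safe alphabet
    $base = ltrim($base, '.');                               // no hidden or empty names
    return $base === '' ? 'upload' : $base;
}

// Constructed sample, meant to be run from the CLI where nothing was POSTed:
// a real file on disk, described by an array shaped like a $_FILES entry.
$tmp = tempnam(sys_get_temp_dir(), 'php');
$forged = [
    'name'     => '../../etc/passwd',   // client-controlled string
    'tmp_name' => $tmp,                 // exists, but PHP did not receive it as an upload
    'error'    => UPLOAD_ERR_OK,
    'size'     => 0,
    'type'     => 'text/plain',
];

// The thread's original mistake: testing the client filename instead of the temp path.
var_dump(is_uploaded_file($forged['name']));
// A file that exists on the server but was not uploaded in this request is refused too.
echo upload_status($forged), "\n";
echo safe_client_name($forged['name']), "\n";
unlink($tmp);
```

In a real request handler, a result of 'ok' would be followed by move_uploaded_file($entry['tmp_name'], $destination), with the destination built from a server-chosen directory and safe_client_name() or a generated name.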

Posted: Sat Jun 14, 2003 3:17 pm
by Templeton Peck
thanks to everyone for helping out :)