Here's what I have:
Client Side
Code: Select all
<form enctype="multipart/form-data" action="script.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="10000000" />
<ul>
<li class="form"><label for="variable">Choose a file to upload: </label></li>
<li class="form"><input name="variable" type="file" /><br /></li>
<li class="form"><input type="submit" value="Upload File" /></li>
</ul>
</form>
Code: Select all
<?php
$uploaddir = './upload/'; // Relative path under webroot
$uploadfile = $uploaddir . basename($_FILES['variable']['name']);
if (move_uploaded_file($_FILES['variable']['tmp_name'], $uploadfile)) {
echo "<p>File uploaded successfully</p>";
} else {
echo "<p>File uploading failed. Please use your browser's back button to return to the upload form.</p>";
}
?>
Am I wrong thinking this way? Is it possible that the server will somehow execute a file automatically? (Because I don't see a way that this could cause harm)