is_uploaded_file() question

On Sat, 30 Aug 2003 15:31:27 GMT, Ralph Freshour <ra***@primemail.com> wrote:

Is it a good idea to use the is_uploaded_file() function (as a
security measure) when I've uploaded a file via Post method?

Yes.

--
Andy Hassall (an**@andyh.co.uk) icq(5747695) (http://www.andyh.co.uk)
Space: disk usage analysis tool (http://www.andyhsoftware.co.uk/space)

On Sat, 30 Aug 2003 15:31:27 GMT, Ralph Freshour <ra***@primemail.com>
wrote:

Is it a good idea to use the is_uploaded_file() function (as a
security measure) when I've uploaded a file via Post method?

Thanks...

Yes, and anything else you think of. I've seen exploits using
uploaded files already.

Mike-

Mornings: Evolution in action. Only the grumpy will survive.
-----------------------------------------------------

Please note - Due to the intense volume of spam, we have
installed site-wide spam filters at catherders.com. If
email from you bounces, try non-HTML, non-encoded,
non-attachments.
----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeed.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption =---

I'm having some trouble getting the function to work - it's always
evaluating to false:
if (is_uploaded_file("uploads/".$_FILES['FileToUpload']['name']))
{
// file was uploaded via http
}
else
{
// file was not uploaded via http
}

I assume I have to make this check on the server? and therefore I need
the path to where the file is located? which is in my uploads
folder...
On Sun, 31 Aug 2003 08:43:10 -0400, Michael W. Cocke
<co***@catherders.com> wrote:

On Sat, 30 Aug 2003 15:31:27 GMT, Ralph Freshour <ra***@primemail.com>
wrote:

Is it a good idea to use the is_uploaded_file() function (as a
security measure) when I've uploaded a file via Post method?

Thanks...

Yes, and anything else you think of. I've seen exploits using
uploaded files already.

Mike-

Mornings: Evolution in action. Only the grumpy will survive.
-----------------------------------------------------

Please note - Due to the intense volume of spam, we have
installed site-wide spam filters at catherders.com. If
email from you bounces, try non-HTML, non-encoded,
non-attachments.
----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeed.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption =---

Also sprach Ralph Freshour:

I'm having some trouble getting the function to work - it's always
evaluating to false:
if (is_uploaded_file("uploads/".$_FILES['FileToUpload']['name']))

Shouldn't that be
if (is_uploaded_file($_FILES['FileToUpload']))
?