473,231 Members | 2,035 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,231 software developers and data experts.

is_uploaded_file() question

Is it a good idea to use the is_uploaded_file() function (as a
security measure) when I've uploaded a file via Post method?

Thanks...

Jul 16 '05 #1
4 2340
On Sat, 30 Aug 2003 15:31:27 GMT, Ralph Freshour <ra***@primemail.com> wrote:
Is it a good idea to use the is_uploaded_file() function (as a
security measure) when I've uploaded a file via Post method?


Yes.

--
Andy Hassall (an**@andyh.co.uk) icq(5747695) (http://www.andyh.co.uk)
Space: disk usage analysis tool (http://www.andyhsoftware.co.uk/space)
Jul 16 '05 #2
On Sat, 30 Aug 2003 15:31:27 GMT, Ralph Freshour <ra***@primemail.com>
wrote:
Is it a good idea to use the is_uploaded_file() function (as a
security measure) when I've uploaded a file via Post method?

Thanks...


Yes, and anything else you think of. I've seen exploits using
uploaded files already.

Mike-

Mornings: Evolution in action. Only the grumpy will survive.
-----------------------------------------------------

Please note - Due to the intense volume of spam, we have
installed site-wide spam filters at catherders.com. If
email from you bounces, try non-HTML, non-encoded,
non-attachments.
----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeed.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption =---
Jul 16 '05 #3
I'm having some trouble getting the function to work - it's always
evaluating to false:
if (is_uploaded_file("uploads/".$_FILES['FileToUpload']['name']))
{
// file was uploaded via http
}
else
{
// file was not uploaded via http
}

I assume I have to make this check on the server? and therefore I need
the path to where the file is located? which is in my uploads
folder...
On Sun, 31 Aug 2003 08:43:10 -0400, Michael W. Cocke
<co***@catherders.com> wrote:
On Sat, 30 Aug 2003 15:31:27 GMT, Ralph Freshour <ra***@primemail.com>
wrote:
Is it a good idea to use the is_uploaded_file() function (as a
security measure) when I've uploaded a file via Post method?

Thanks...


Yes, and anything else you think of. I've seen exploits using
uploaded files already.

Mike-

Mornings: Evolution in action. Only the grumpy will survive.
-----------------------------------------------------

Please note - Due to the intense volume of spam, we have
installed site-wide spam filters at catherders.com. If
email from you bounces, try non-HTML, non-encoded,
non-attachments.
----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeed.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption =---


Jul 16 '05 #4
Also sprach Ralph Freshour:
I'm having some trouble getting the function to work - it's always
evaluating to false:
if (is_uploaded_file("uploads/".$_FILES['FileToUpload']['name']))


Shouldn't that be
if (is_uploaded_file($_FILES['FileToUpload']))
?


Jul 16 '05 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: Ralph Freshour | last post by:
I'm using the is_uploaded_file() function to check if I'm uploading via Http - I am using copy() and when I use the is_uploaded_file() function it returns false - am I using the wrong upload...
3
by: Stevey | last post by:
I have the following XML file... <?xml version="1.0"?> <animals> <animal> <name>Tiger</name> <questions> <question index="0">true</question> <question index="1">true</question> </questions>
7
by: nospam | last post by:
Ok, 3rd or is it the 4th time I have asked this question on Partial Types, so, since it seems to me that Partial Types is still in the design or development stages at Microsoft, I am going to ask...
3
by: Ekqvist Marko | last post by:
Hi, I have one Access database table including questions and answers. Now I need to give answer id automatically to questionID column. But I don't know how it is best (fastest) to do? table...
10
by: glenn | last post by:
I am use to programming in php and the way session and post vars are past from fields on one page through to the post page automatically where I can get to their values easily to write to a...
10
by: Rider | last post by:
Hi, simple(?) question about asp.net configuration.. I've installed ASP.NET 2.0 QuickStart Sample successfully. But, When I'm first start application the follow message shown. ========= Server...
1
by: comp.lang.php | last post by:
Consider my code: if ($this->isSuccessful && is_file($_FILES)) { // STEP 6: MOVE RESUME TO DIRECTORY $uuid = $this->sfug->getUUID(); if (!$uuid) $this->sfug->setUUID(); $uuid =...
6
exoskeleton
by: exoskeleton | last post by:
good day dear experts... i have a problem about is_uploaded_file function.. it alwayz return false..is this function available in PHP version 5.0.1 or only in later version? im using PHP 5.0.1 ...
2
by: yord | last post by:
Hello, I have a PHP based site running for 2 years without any problems. The user can upload images and I run the is_uploaded_file() method to check if the file was really uploaded via HTTP...
3
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 3 Jan 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). For other local times, please check World Time Buddy In...
0
by: jianzs | last post by:
Introduction Cloud-native applications are conventionally identified as those designed and nurtured on cloud infrastructure. Such applications, rooted in cloud technologies, skillfully benefit from...
0
by: abbasky | last post by:
### Vandf component communication method one: data sharing ​ Vandf components can achieve data exchange through data sharing, state sharing, events, and other methods. Vandf's data exchange method...
0
by: fareedcanada | last post by:
Hello I am trying to split number on their count. suppose i have 121314151617 (12cnt) then number should be split like 12,13,14,15,16,17 and if 11314151617 (11cnt) then should be split like...
0
by: stefan129 | last post by:
Hey forum members, I'm exploring options for SSL certificates for multiple domains. Has anyone had experience with multi-domain SSL certificates? Any recommendations on reliable providers or specific...
0
Git
by: egorbl4 | last post by:
Скачал я git, хотел начать настройку, а там вылезло вот это Что это? Что мне с этим делать? ...
0
by: MeoLessi9 | last post by:
I have VirtualBox installed on Windows 11 and now I would like to install Kali on a virtual machine. However, on the official website, I see two options: "Installer images" and "Virtual machines"....
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: Aftab Ahmad | last post by:
Hello Experts! I have written a code in MS Access for a cmd called "WhatsApp Message" to open WhatsApp using that very code but the problem is that it gives a popup message everytime I clicked on...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.