By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
437,831 Members | 2,296 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 437,831 IT Pros & Developers. It's quick & easy.

is_uploaded_file() question

P: n/a
Is it a good idea to use the is_uploaded_file() function (as a
security measure) when I've uploaded a file via Post method?

Thanks...

Jul 16 '05 #1
Share this Question
Share on Google+
4 Replies


P: n/a
On Sat, 30 Aug 2003 15:31:27 GMT, Ralph Freshour <ra***@primemail.com> wrote:
Is it a good idea to use the is_uploaded_file() function (as a
security measure) when I've uploaded a file via Post method?


Yes.

--
Andy Hassall (an**@andyh.co.uk) icq(5747695) (http://www.andyh.co.uk)
Space: disk usage analysis tool (http://www.andyhsoftware.co.uk/space)
Jul 16 '05 #2

P: n/a
On Sat, 30 Aug 2003 15:31:27 GMT, Ralph Freshour <ra***@primemail.com>
wrote:
Is it a good idea to use the is_uploaded_file() function (as a
security measure) when I've uploaded a file via Post method?

Thanks...


Yes, and anything else you think of. I've seen exploits using
uploaded files already.

Mike-

Mornings: Evolution in action. Only the grumpy will survive.
-----------------------------------------------------

Please note - Due to the intense volume of spam, we have
installed site-wide spam filters at catherders.com. If
email from you bounces, try non-HTML, non-encoded,
non-attachments.
----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeed.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption =---
Jul 16 '05 #3

P: n/a
I'm having some trouble getting the function to work - it's always
evaluating to false:
if (is_uploaded_file("uploads/".$_FILES['FileToUpload']['name']))
{
// file was uploaded via http
}
else
{
// file was not uploaded via http
}

I assume I have to make this check on the server? and therefore I need
the path to where the file is located? which is in my uploads
folder...
On Sun, 31 Aug 2003 08:43:10 -0400, Michael W. Cocke
<co***@catherders.com> wrote:
On Sat, 30 Aug 2003 15:31:27 GMT, Ralph Freshour <ra***@primemail.com>
wrote:
Is it a good idea to use the is_uploaded_file() function (as a
security measure) when I've uploaded a file via Post method?

Thanks...


Yes, and anything else you think of. I've seen exploits using
uploaded files already.

Mike-

Mornings: Evolution in action. Only the grumpy will survive.
-----------------------------------------------------

Please note - Due to the intense volume of spam, we have
installed site-wide spam filters at catherders.com. If
email from you bounces, try non-HTML, non-encoded,
non-attachments.
----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeed.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption =---


Jul 16 '05 #4

P: n/a
Also sprach Ralph Freshour:
I'm having some trouble getting the function to work - it's always
evaluating to false:
if (is_uploaded_file("uploads/".$_FILES['FileToUpload']['name']))


Shouldn't that be
if (is_uploaded_file($_FILES['FileToUpload']))
?


Jul 16 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.