is_uploaded_file

PHP Manual
Prev		Next

is_uploaded_file

(PHP 3 >= 3.0.17, PHP 4 >= 4.0.3, PHP 5)

is_uploaded_file -- Tells whether the file was uploaded via HTTP POST

Description

bool is_uploaded_file ( string filename )

Returns TRUE if the file named by filename was uploaded via HTTP POST. This is useful to help ensure that a malicious user hasn't tried to trick the script into working on files upon which it should not be working--for instance, /etc/passwd.

This sort of check is especially important if there is any chance that anything done with uploaded files could reveal their contents to the user, or even to other users on the same system.

For proper working, the function is_uploaded_file() needs an argument like $_FILES['userfile']['tmp_name'], - the name of the uploaded file on the clients machine $_FILES['userfile']['name'] does not work.

Example 1. is_uploaded_file() example


<?php

if (is_uploaded_file($_FILES['userfile']['tmp_name'])) {
   echo "File ". $_FILES['userfile']['name'] ." uploaded successfully.\n";
   echo "Displaying contents\n";
   readfile($_FILES['userfile']['tmp_name']);
} else {
   echo "Possible file upload attack: ";
   echo "filename '". $_FILES['userfile']['tmp_name'] . "'.";
}

?>

is_uploaded_file() is available only in versions of PHP 3 after PHP 3.0.16, and in versions of PHP 4 after 4.0.2. If you are stuck using an earlier version, you can use the following function to help protect yourself:

Note: The following example will not work in versions of PHP 4 after 4.0.2. It depends on internal functionality of PHP which changed after that version.

Example 2. is_uploaded_file() example for PHP 4 < 4.0.3


<?php
/* Userland test for uploaded file. */
function is_uploaded_file_4_0_2($filename) 
{
    if (!$tmp_file = get_cfg_var('upload_tmp_dir')) {
        $tmp_file = dirname(tempnam('', ''));
    }
    $tmp_file .= '/' . basename($filename);
    /* User might have trailing slash in php.ini... */
    return (ereg_replace('/+', '/', $tmp_file) == $filename);
}

/* This is how to use it, since you also don't have
 * move_uploaded_file() in these older versions: */
if (is_uploaded_file_4_0_2($HTTP_POST_FILES['userfile'])) {
    copy($HTTP_POST_FILES['userfile'], "/place/to/put/uploaded/file");
} else {
    echo "Possible file upload attack: filename '$HTTP_POST_FILES[userfile]'.";
}
?>

See also move_uploaded_file(), and the section Handling file uploads for a simple usage example.

Prev	Home	Next
is_readable	Up	is_writable

	Links
Apollo Hosting $6.96/mo 3GB Diskspace 100GB Bandwidth Live 24/7 Support SpamAssassin Urchin Web Analytics PowWeb $7.77/mo 300GB Diskspace 3000GB Bandwidth Host Unlimited Domains Load Balanced Technology DNS Management PHP4/5 Perl5 CGI SSI MySQL Daily Backup HostMonster $5.95/mo 200GB Diskspace 2000GB Bandwidth Host Unlimited Domains SSH Access SSL FTP Stats CGI Ruby Perl PHP MySQL Free Domain

	Hosting Companies
Ourweb.Net Simply Hosting BlueHost 600host.net UK Web Hosting Yukis Place Web hosting Company Successfulhosting.com Number1Host.net Dot 5 Hosting Webbez.com Internet UpServe.net

	Partners
ApolloHosting.com eSecureData.com Galaxyvisions.com HostForWeb.com Lunarpages.com Server4you.com ServerDispatch.com Shinjiru.com SingleHop Dedicated Servers XLHost.com Dedicated Hosting WingSix.com ByetHost.com Australia and New Zealand Hosting Free Web Hosting Resources CCTV Camera Free Computer Recycling ID Printer

	Quick Search
Platform Price Diskspace Bandwidth Advance Search Show All Companies

	Reference & Manual
CSS 2.1 Hosting Glossary HTML 4.01 MySQL Manual PHP Manual

If you are looking for dedicated servers, look no further. HostPulse.com is a site devoted to help web users find cheap web hosting and dedicated servers.


	Host Login/Register \| Contact Us \| Terms \| Add Links Thumbnails by Thumbshots.org © 2002-2008 CheapHostDir.com


Home Share Hosting News Articles Reference & Manual Discount Zone Resources