Php/docs/function.is-uploaded-file
is_uploaded_file
(PHP 4 >= 4.0.3, PHP 5, PHP 7)
is_uploaded_file — Tells whether the file was uploaded via HTTP POST
Description
is_uploaded_file
( string $filename
) : bool
Returns TRUE
if the file named by filename
was
uploaded via HTTP POST. This is useful to help ensure that a
malicious user hasn't tried to trick the script into working on
files upon which it should not be working--for instance,
/etc/passwd
.
This sort of check is especially important if there is any chance that anything done with uploaded files could reveal their contents to the user, or even to other users on the same system.
For proper working, the function is_uploaded_file() needs
an argument like $_FILES['userfile']['tmp_name']
, - the name of the uploaded
file on the client's machine $_FILES['userfile']['name']
does not work.
Parameters
filename
- The filename being checked.
Return Values
Returns TRUE
on success or FALSE
on failure.
Examples
Example #1 is_uploaded_file() example
<?phpif (is_uploaded_file($_FILES['userfile']['tmp_name'])) { echo "File ". $_FILES['userfile']['name'] ." uploaded successfully.\n"; echo "Displaying contents\n"; readfile($_FILES['userfile']['tmp_name']);} else { echo "Possible file upload attack: "; echo "filename '". $_FILES['userfile']['tmp_name'] . "'.";}?>
See Also
- move_uploaded_file() - Moves an uploaded file to a new location
$_FILES
- See Handling file uploads for a simple usage example.