Backend Development
PHP Tutorial
The problem of not being able to upload files caused by the is_uploaded_file function_PHP tutorial
The problem of not being able to upload files caused by the is_uploaded_file function_PHP tutorial
Cause:
In a project, I received feedback from users that all of their customers could not upload files and all returned failures. After investigation, it was found that the is_uploaded_file function in PHP was causing trouble.
Detailed analysis:
Under normal circumstances, when uploading files through PHP, you need to use the is_uploaded_file function to determine whether the file is uploaded through HTTP POST. This can be used Ensure that malicious users cannot trick scripts into accessing otherwise inaccessible files, such as /etc/passwd.
The problem encountered this time is that the tmp_name that should have been C:/WINDOWS/Temp/php99.tmp has become C://WINDOWS //Temp//php99.tmp, resulting in is_uploaded_file The function returns incorrect information.
Processing method:
After adding the following code, the problem is solved.
$file['tmp_name'] = str_replace('////', '//', $file['tmp_name']);
Note that the actual string "////" is two A /, the other two are used to express escape.
In-depth study:
Why does this happen in a specific environment of dictation? Let’s take a look at the following analysis:
; Magic quotes for incoming GET /POST/Cookie data.
magic_quotes_gpc = On
In the default configuration of PHP, magic_quotes_gpc is On, and the PHP environment with the magic_quotes_gpc parameter turned on will automatically add addslashes effects to GET/POST /Cookie. Note that addslashes will not be added to $_FILES.
When magic_quotes_gpc is Off, a problem occurs because the addslashes function is added to the $_FILES array. This problem will also occur in PHP environments where magic_quotes_gpc is Off.
By the way, the MooPHP code on SVN has fixed this problem.
is_uploaded_file function analysis:
Determine whether the file is uploaded through HTTP POST
bool is_uploaded_file ( string $filename )
If filename is given Returns TRUE if the file was uploaded via HTTP POST. This can be used to ensure that a malicious user cannot trick a script into accessing otherwise inaccessible files, such as /etc/passwd. This check is particularly important if the uploaded file is likely to cause its content to be displayed to the user or other users of the system.
In order for the is_uploaded_file() function to work properly, a variable similar to $_FILES['userfile']['tmp_name'] must be specified, and in the file name uploaded from the client $_FILES['userfile ']['name'] does not work properly.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1359
52
Hongmeng native application random poetry
Feb 19, 2024 pm 01:36 PM
To learn more about open source, please visit: 51CTO Hongmeng Developer Community https://ost.51cto.com Running environment DAYU200:4.0.10.16SDK: 4.0.10.15IDE: 4.0.600 1. To create an application, click File- >newFile->CreateProgect. Select template: [OpenHarmony] EmptyAbility: Fill in the project name, shici, application package name com.nut.shici, and application storage location XXX (no Chinese, special characters, or spaces). CompileSDK10, Model: Stage. Device
How to upload files to 123 cloud disk
Feb 24, 2024 pm 05:30 PM
How to upload files to 123 Cloud Disk? You can upload files to 123 Cloud Disk for storage, but most friends don’t know how to upload files to 123 Cloud Disk. Next is the picture and text of how to upload files to 123 Cloud Disk brought by the editor for players. Tutorial, interested users come and take a look! How to upload files on 123 Cloud Disk 1. First open 123 Cloud Disk and enter the main page, register or log in to the account; 2. Then enter the page as shown below, click the [Upload] button guided by the arrow; 3. Then the bottom will expand In the function bar window, click the [Select File] function; 4. Finally, select the file to be uploaded and wait patiently for the upload to complete.
Use java's File.length() function to get the size of the file
Jul 24, 2023 am 08:36 AM
Use Java's File.length() function to get the size of a file. File size is a very common requirement when dealing with file operations. Java provides a very convenient way to get the size of a file, that is, using the length() method of the File class. . This article will introduce how to use this method to get the size of a file and give corresponding code examples. First, we need to create a File object to represent the file we want to get the size of. Here is how to create a File object: Filef
How to convert php blob to file
Mar 16, 2023 am 10:47 AM
How to convert php blob to file: 1. Create a php sample file; 2. Through "function blobToFile(blob) {return new File([blob], 'screenshot.png', { type: 'image/jpeg' })} ” method can be used to convert Blob to File.
Rename files using java's File.renameTo() function
Jul 25, 2023 pm 03:45 PM
Use Java's File.renameTo() function to rename files. In Java programming, we often need to rename files. Java provides the File class to handle file operations, and its renameTo() function can easily rename files. This article will introduce how to use Java's File.renameTo() function to rename files and provide corresponding code examples. The File.renameTo() function is a method of the File class.
Use java's File.getParentFile() function to get the parent directory of the file
Jul 27, 2023 am 11:45 AM
Use java's File.getParentFile() function to get the parent directory of a file. In Java programming, we often need to operate files and folders. When we need to get the parent directory of a file, we can use the File.getParentFile() function provided by Java. This article explains how to use this function and provides code examples. File class in Java is the main class used to operate files and folders. It provides many methods to obtain and manipulate file properties
Use java's File.getParent() function to get the parent path of the file
Jul 24, 2023 pm 01:40 PM
Use java's File.getParent() function to get the parent path of a file. In Java programming, we often need to operate files and folders. Sometimes, we need to get the parent path of a file, which is the path of the folder where the file is located. Java's File class provides the getParent() method to obtain the parent path of a file or folder. The File class is Java's abstract representation of files and folders. It provides a series of methods for operating files and folders. Among them, get
How to upload files to Nut Cloud
Feb 27, 2024 pm 03:58 PM
Nut Cloud is an efficient file management tool dedicated to providing users with intelligent file saving and synchronization services. It has powerful data synchronization and backup functions to ensure that users' data is safe. A series of functions of Nut Cloud are designed to meet the needs of users in different scenarios and provide an excellent user experience. So how to upload files in the Nut Cloud app? This tutorial guide will give you a detailed introduction to the steps. I hope it can help everyone in need. How to upload files to Nut Cloud? 1. On the My Files page, click on My Nut Cloud to open it. 2. On the opened page, click the plus icon in the lower right corner. 3. In the options that pop up at the bottom, click Upload from SD card. 4. In the opened mobile phone storage, select the file.
