Home > Backend Development > PHP Tutorial > is_uploaded_file doubt_PHP tutorial

is_uploaded_file doubt_PHP tutorial

WBOY
Release: 2016-07-13 10:51:33
Original
1184 people have browsed it




is_uploaded_file doubt

Returns TRUE if the file given by filename was uploaded via HTTP POST. This can be used to ensure that malicious users cannot trick scripts into accessing files that are otherwise inaccessible, such as /etc/passwd
What does /etc/passwd here refer to? I hope friends can help me explain in detail (malicious users cannot deceive scripts to access files that are not accessible). What does this paragraph mean? What does it mean to access files that are not accessible? Thank you for your guidance, heroes
$classnotes = "./".$_FILES['classnotes']['name'];

copy($_FILES['classnotes']['tmp_name'],"./classnotes/".basename($classnotes));


Copy the code if(is_uploaded_file($_FILES['classnotes']['tmp_name'])){

copy($_FILES['classnotes']['tmp_name'],"./classnotes/".$_FILES['classnotes']['name']);

}else{

echo "Upload failed";

}


Copy the code Is there any difference between the above two pieces of code in a security sense?

[ ]

Let me answer




D8888D reply content------------------------------------------------- ----------
/etc/passwd is the user password file in Linux

D8888D reply content------------------------------------------------- ----------
The original post was published by klgd on 2009-3-6 15:14 [url=http://bbs.111cn.cn/redirect.php?goto=findpost&pid=895665&ptid=107360]Link tag [img]http://bbs. 111cn.cn/images/common/back.gif[/img][/url]
/etc/passwd is the user password file in Linux
Thanks for this friend:-)

D8888D reply content------------------------------------------------- ----------
If a /etc/passwd is maliciously constructed, the first one will be executed directly


www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/632553.htmlTechArticleis_uploaded_file doubt Returns TRUE if the file given by filename is uploaded via HTTP POST. This can be used to ensure that a malicious user cannot trick a script into accessing something it would not otherwise be able to access...
Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template