is_uploaded_file doubt
Returns TRUE if the file given by filename was uploaded via HTTP POST. This can be used to ensure that malicious users cannot trick scripts into accessing files that are otherwise inaccessible, such as /etc/passwd
What does /etc/passwd here refer to? I hope friends can help me explain in detail (malicious users cannot deceive scripts to access files that are not accessible). What does this paragraph mean? What does it mean to access files that are not accessible? Thank you for your guidance, heroes
$classnotes = "./".$_FILES['classnotes']['name'];
copy($_FILES['classnotes']['tmp_name'],"./classnotes/".basename($classnotes));
Copy the code if(is_uploaded_file($_FILES['classnotes']['tmp_name'])){
copy($_FILES['classnotes']['tmp_name'],"./classnotes/".$_FILES['classnotes']['name']);
}else{
echo "Upload failed";
}
Copy the code Is there any difference between the above two pieces of code in a security sense?
[ ]
Let me answer
D8888D reply content------------------------------------------------- ----------
/etc/passwd is the user password file in Linux
D8888D reply content------------------------------------------------- ----------
The original post was published by klgd on 2009-3-6 15:14 [url=http://bbs.111cn.cn/redirect.php?goto=findpost&pid=895665&ptid=107360]Link tag [img]http://bbs. 111cn.cn/images/common/back.gif[/img][/url]
/etc/passwd is the user password file in Linux
Thanks for this friend:-)
D8888D reply content------------------------------------------------- ----------
If a /etc/passwd is maliciously constructed, the first one will be executed directly
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
