Hi, sorry if this is one of those oft-answered questions, but...
I am using the script below to upload a file to the server, however if I
upload a file, say, 'pamnude.jpg' then the tmp path, file name and file size
are returned but not the mimetype. Why could this be?
Also, I read about there being a bug where arbitrary files could be
specified as the file parameter and cause files on the server to be
processed. This can be checked with the is_uploaded_file($file) function.
The example on the php.net site was /etc/passwd
Using the script below, I used /etc/passwd as the file name (or even if I
entered no file name, or any garbage text) and I always get the 'True'
response.
What am I doing wrong?
Finally, is there any way of uploading that won't cause the file to be saved
to the server, but be handled directly by a script to a database?
Thanks
Lee
<?php
if(!$ulfile_size)
{
$source=$HTTP_POST_FILES['ulfile']['tmp_name'];
$name=$HTTP_POST_FILES['ulfile']['name'];
$mimetype=$HTTP_POST_FILES['ulfile']['type'];
$size=$HTTP_POST_FILES['ulfile']['size'];
echo "$source<br>$name<br>$mimetype<br>$size";
}
if(is_uploaded_file($ulfile))
{
echo"True";
}
else
{
echo"False";
}
echo"
<html>
<head>
</head>
<body>
<form enctype='multipart/form-data' method='post' action='$PHP_SELF'>
<br>
File to upload: <input type='file' name='ulfile' id='ulfile'>
<br>
<input type=submit name='Upload' value='Upload File'><br>
</form>
</body>
</html>
";
?>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
