Hi, sorry if this is one of those oft-answered questions, but... I am using the script below to upload a file to the server, however if I upload a file, say, 'pamnude.jpg' then the tmp path, file name and file size are returned but not the mimetype. Why could this be?
Also, I read about there being a bug where arbitrary files could be specified as the file parameter and cause files on the server to be processed. This can be checked with the is_uploaded_file($file) function. The example on the php.net site was /etc/passwd Using the script below, I used /etc/passwd as the file name (or even if I entered no file name, or any garbage text) and I always get the 'True' response. What am I doing wrong? Finally, is there any way of uploading that won't cause the file to be saved to the server, but be handled directly by a script to a database? Thanks Lee <?php if(!$ulfile_size) { $source=$HTTP_POST_FILES['ulfile']['tmp_name']; $name=$HTTP_POST_FILES['ulfile']['name']; $mimetype=$HTTP_POST_FILES['ulfile']['type']; $size=$HTTP_POST_FILES['ulfile']['size']; echo "$source<br>$name<br>$mimetype<br>$size"; } if(is_uploaded_file($ulfile)) { echo"True"; } else { echo"False"; } echo" <html> <head> </head> <body> <form enctype='multipart/form-data' method='post' action='$PHP_SELF'> <br> File to upload: <input type='file' name='ulfile' id='ulfile'> <br> <input type=submit name='Upload' value='Upload File'><br> </form> </body> </html> "; ?> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php