<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <title>Tells whether the file was uploaded via HTTP POST</title> </head> <body><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="function.is-readable.html">is_readable</a></div> <div class="next" style="text-align: right; float: right;"><a href="function.is-writable.html">is_writable</a></div> <div class="up"><a href="ref.filesystem.html">Filesystem Functions</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div><hr /><div id="function.is-uploaded-file" class="refentry"> <div class="refnamediv"> <h1 class="refname">is_uploaded_file</h1> <p class="verinfo">(PHP 4 >= 4.0.3, PHP 5)</p><p class="refpurpose"><span class="refname">is_uploaded_file</span> — <span class="dc-title">Tells whether the file was uploaded via HTTP POST</span></p> </div> <div class="refsect1 description" id="refsect1-function.is-uploaded-file-description"> <h3 class="title">Description</h3> <div class="methodsynopsis dc-description"> <span class="type">bool</span> <span class="methodname"><strong>is_uploaded_file</strong></span> ( <span class="methodparam"><span class="type">string</span> <code class="parameter">$filename</code></span> )</div> <p class="para rdfs-comment"> Returns <strong><code>TRUE</code></strong> if the file named by <em><code class="parameter">filename</code></em> was uploaded via HTTP POST. This is useful to help ensure that a malicious user hasn't tried to trick the script into working on files upon which it should not be working--for instance, <var class="filename">/etc/passwd</var>. </p> <p class="para"> This sort of check is especially important if there is any chance that anything done with uploaded files could reveal their contents to the user, or even to other users on the same system. </p> <p class="para"> For proper working, the function <span class="function"><strong>is_uploaded_file()</strong></span> needs an argument like <var class="varname"><var class="varname"><a href="reserved.variables.files.html" class="classname">$_FILES['userfile']['tmp_name']</a></var></var>, - the name of the uploaded file on the client's machine <var class="varname"><var class="varname"><a href="reserved.variables.files.html" class="classname">$_FILES['userfile']['name']</a></var></var> does not work. </p> </div> <div class="refsect1 parameters" id="refsect1-function.is-uploaded-file-parameters"> <h3 class="title">Parameters</h3> <p class="para"> <dl> <dt> <span class="term"><em><code class="parameter">filename</code></em></span> <dd> <p class="para"> The filename being checked. </p> </dd> </dt> </dl> </p> </div> <div class="refsect1 returnvalues" id="refsect1-function.is-uploaded-file-returnvalues"> <h3 class="title">Return Values</h3> <p class="para"> Returns <strong><code>TRUE</code></strong> on success or <strong><code>FALSE</code></strong> on failure. </p> </div> <div class="refsect1 examples" id="refsect1-function.is-uploaded-file-examples"> <h3 class="title">Examples</h3> <p class="para"> <div class="example" id="example-2404"> <p><strong>Example #1 <span class="function"><strong>is_uploaded_file()</strong></span> example</strong></p> <div class="example-contents"> <div class="phpcode"><code><span style="color: #000000"> <span style="color: #0000BB"><?php<br /><br /></span><span style="color: #007700">if (</span><span style="color: #0000BB">is_uploaded_file</span><span style="color: #007700">(</span><span style="color: #0000BB">$_FILES</span><span style="color: #007700">[</span><span style="color: #DD0000">'userfile'</span><span style="color: #007700">][</span><span style="color: #DD0000">'tmp_name'</span><span style="color: #007700">])) {<br /> echo </span><span style="color: #DD0000">"File "</span><span style="color: #007700">. </span><span style="color: #0000BB">$_FILES</span><span style="color: #007700">[</span><span style="color: #DD0000">'userfile'</span><span style="color: #007700">][</span><span style="color: #DD0000">'name'</span><span style="color: #007700">] .</span><span style="color: #DD0000">" uploaded successfully.\n"</span><span style="color: #007700">;<br /> echo </span><span style="color: #DD0000">"Displaying contents\n"</span><span style="color: #007700">;<br /> </span><span style="color: #0000BB">readfile</span><span style="color: #007700">(</span><span style="color: #0000BB">$_FILES</span><span style="color: #007700">[</span><span style="color: #DD0000">'userfile'</span><span style="color: #007700">][</span><span style="color: #DD0000">'tmp_name'</span><span style="color: #007700">]);<br />} else {<br /> echo </span><span style="color: #DD0000">"Possible file upload attack: "</span><span style="color: #007700">;<br /> echo </span><span style="color: #DD0000">"filename '"</span><span style="color: #007700">. </span><span style="color: #0000BB">$_FILES</span><span style="color: #007700">[</span><span style="color: #DD0000">'userfile'</span><span style="color: #007700">][</span><span style="color: #DD0000">'tmp_name'</span><span style="color: #007700">] . </span><span style="color: #DD0000">"'."</span><span style="color: #007700">;<br />}<br /><br /></span><span style="color: #0000BB">?></span> </span> </code></div> </div> </div> </p> </div> <div class="refsect1 seealso" id="refsect1-function.is-uploaded-file-seealso"> <h3 class="title">See Also</h3> <p class="para"> <ul class="simplelist"> <li class="member"> <span class="function"><a href="function.move-uploaded-file.html" class="function" rel="rdfs-seeAlso">move_uploaded_file()</a> - Moves an uploaded file to a new location</span></li> <li class="member"><var class="varname"><var class="varname"><a href="reserved.variables.files.html" class="classname">$_FILES</a></var></var></li> <li class="member">See <a href="features.file-upload.html" class="link">Handling file uploads</a> for a simple usage example.</li> </ul> </p> </div> </div><hr /><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="function.is-readable.html">is_readable</a></div> <div class="next" style="text-align: right; float: right;"><a href="function.is-writable.html">is_writable</a></div> <div class="up"><a href="ref.filesystem.html">Filesystem Functions</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div></body></html>