Ask a basic question, about uploading a file
S_uploaded_file and File_exists Both check the file exists? Parameters are paths, so why upload files must use Is_uploaded_file?
------to solve the idea----------------------
Oh, this is a matter of historical origin. The use of Is_uploaded_file is also entirely self-protective.
PHP provides two scenarios for handling upload files
Move_uploaded_file
And
Is_uploaded_file
Copy or rename
Both copy and rename are file system functions, not just for uploading files, of course.
So you can use the copy function to make a copy of the Linux user password file Etc/password.
PHP also provides a register_globals switch that automatically imports incoming variables into the Global variables table (php5.4 is not available at the beginning)
When this switch is turned on
will produce variables $file _name, $file _tmp, $file _type .... Equal variables
And Upload.php?file_tmp=etc/password will also produce $file _tmp variables
Then you need to know exactly what this $file _tmp is generated by type=file or by URL parameters.
Of course, this doesn't happen because PHP has a protective mechanism (which you'll find yourself).
But because the code is ever-changing, conservative is a bit more secure. There's a crisis in the point of uncertainty.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.