File uploads fail because of the is_uploaded_file function

Source: Internet
Author: User
File uploads were failing. Investigation showed that PHP's is_uploaded_file function was the culprit. The specific solution follows; refer to it if you run into a similar case.

Cause:

In one project, a user reported that none of their customers could upload files; every attempt returned a failure. Investigation showed that PHP's is_uploaded_file function was responsible.

Detailed analysis:

Under normal circumstances, a PHP file upload uses the is_uploaded_file function to determine whether the file was uploaded via HTTP POST. This prevents a malicious user from tricking the script into working on files it should not access, such as /etc/passwd.
The problem this time was that tmp_name, which should have been something like C:\WINDOWS\Temp\php99.tmp, had become C:\\WINDOWS\\Temp\\php99.tmp, so the is_uploaded_file check failed.

Solution:

Adding the following line solved the problem.
$file['tmp_name'] = str_replace('\\\\', '\\', $file['tmp_name']);
Note: the string '\\\\' actually contains two backslashes; the other two are there as escape characters.

In-depth research:

Why does this happen only in certain environments? Let's look at the following configuration:
; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = On
In PHP's default configuration, magic_quotes_gpc is On, and a PHP environment with magic_quotes_gpc enabled automatically applies the effect of addslashes to GET/POST/Cookie data. Note that the addslashes effect is not applied to $_FILES.
When magic_quotes_gpc is Off, the error occurs because addslashes ends up being applied to the $_FILES array. In other words, the problem appears in PHP environments where magic_quotes_gpc is Off.

By the way, the MooPHP code on SVN has fixed this problem.

Parsing the is_uploaded_file function:

Determines whether the file was uploaded via HTTP POST.
bool is_uploaded_file ( string $filename )
Returns TRUE if the file named by filename was uploaded via HTTP POST. This can be used to prevent a malicious user from tricking the script into working on files it should not access, such as /etc/passwd. This check is especially important if the uploaded file's content might be displayed to the user or to other users of the system.

For is_uploaded_file() to work properly, you must pass it a variable like $_FILES['userfile']['tmp_name']; the client-supplied file name $_FILES['userfile']['name'] does not work.
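The failure described under "In-depth research", shown as an added example that is not from the original article or from MooPHP: a magic_quotes_gpc-style escaping routine applied to $_FILES, next to the corrected form that leaves $_FILES untouched. The helper names escape_deep and accept_upload, the sample array and the destination path are assumptions made for illustration.

```php
<?php
// Added example (not MooPHP's code); function names are hypothetical.

// Emulates magic_quotes_gpc: addslashes on every string in a nested array.
function escape_deep($value)
{
    if (is_array($value)) {
        return array_map('escape_deep', $value);
    }
    return is_string($value) ? addslashes($value) : $value;
}

// Validates one $_FILES entry and moves it to $dest (a server-chosen path).
function accept_upload(array $file, $dest)
{
    // tmp_name must be the untouched value PHP generated: any escaping
    // changes the string and is_uploaded_file() no longer recognises it.
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return false;
    }
    return move_uploaded_file($file['tmp_name'], $dest);
}

// Constructed $_FILES entry as PHP would populate it on Windows.
$files = array('userfile' => array(
    'name'     => "o'brien.txt",
    'tmp_name' => 'C:\\WINDOWS\\Temp\\php99.tmp',
    'error'    => UPLOAD_ERR_OK,
    'size'     => 12,
));

// Before: the emulation is applied to every superglobal, $_FILES included.
$broken = escape_deep($files);
echo "escaped tmp_name:   ", $broken['userfile']['tmp_name'], "\n";

// After: escape only GET/POST/COOKIE data; $_FILES stays exactly as PHP set it.
$post = escape_deep(array('title' => "o'brien's file")); // constructed POST data
echo "escaped POST title: ", $post['title'], "\n";
echo "untouched tmp_name: ", $files['userfile']['tmp_name'], "\n";

// Outside a real HTTP upload (e.g. on the CLI) this returns false for any path.
var_dump(accept_upload($files['userfile'], __DIR__ . '/stored.upload'));
```

Leaving $_FILES out of the escaping step removes the need for the str_replace workaround, because tmp_name is never modified in the first place.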
