php code:
if (is_uploaded_file($_FILES['classnotes']['tmp_name'])) {
copy($_FILES['classnotes']['tmp_name'],
"/www/htdocs/classnotes/".$_FILES['classnotes']['name']);
} else {
echo "
Potential script abuse attempt detected.
";
}
?>
In the revised script, is_uploaded_file() checks whether the file denoted by
$_FILES['classnotes']['tmp_name'] has indeed been uploaded. If the answer is yes,
the file is copied to the desired destination. Otherwise, an appropriate error message
is displayed.
Moving an Uploaded File
The move_uploaded_file() function was introduced in version 4.0.3 as a convenient
means for moving an uploaded file from the temporary directory to a final location.
Its prototype follows:
boolean move_uploaded_file(string filename, string destination)
CHAPTER 15 ?– HANDL ING F ILE UPLOADS 393
Although copy() works equally well, move_uploaded_file() offers one additional
feature that this function does not. It will check to ensure that the file denoted by the
filename input parameter was in fact uploaded via PHP??™s HTTP POST upload mechanism.
If the file has not been uploaded, the move will fail and a FALSE value will be
returned. Because of this, you can forgo using is_uploaded_file() as a precursor condition
to using move_uploaded_file().
Using move_uploaded_file() is simple. Consider a scenario in which you want to
move the uploaded class notes file to the directory /www/htdocs/classnotes/, while
also preserving the file name as specified on the client:
move_uploaded_file($_FILES['classnotes']['tmp_name'],
"/www/htdocs/classnotes/".
Pages:
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474