Drongo_III Posted April 22, 2012 Share Posted April 22, 2012 Hi guys Sorry i keep asking noob questions today... I'm working on something that has a user facing image upload facility. So i'm slowly working through a class to make this as secure as possible. One of the tips online is to use the method "is_uploaded_file ( )". According to php.net - "Returns TRUE if the file named by filename was uploaded via HTTP POST. This is useful to help ensure that a malicious user hasn't tried to trick the script into working on files upon which it should not be working--for instance, /etc/passwd. " I'm not one to just use things without understanding why. So how exactly could someone get a script to work on an internal file via a browse/upload facility? Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.