<?
if ($_REQUEST["answered"] == "ok") {
echo "<pre>";
echo $_SERVER["SERVER_SOFTWARE"] . "\n\n";
if (is_uploaded_file($_FILES["userfile"]["tmp_name"]))
echo "It really is an Uploaded File!\n";
else
echo "It is NOT\n";
echo "These are the contents of the \$_FILES array :: \n";
print_r($_FILES);
echo "</pre>";
} else {
?>
<form name="forma" action="file_problem.php" method="post" ENCTYPE="multipart/form-data">
<input type="file" name="userfile">
<input type="hidden" name="answered" value="ok">
<input type="submit">
</form>
<?}?>
**** This is the result when we run it in PHP 4.1.2 browsing a real file from our disk:
Apache/1.3.24 (Unix) PHP/4.1.2
It really is an Uploaded File!
These are the contents of the $_FILES array ::
Array
(
[userfile] => Array
(
[name] => wtrs.audit
[type] => text/plain
[tmp_name] => /var/tmp/phpTMaO4e
[size] => 30313
)
)
**** And this is the result in PHP 4.2.2 :
Apache/1.3.26 (Unix) PHP/4.2.2
It really is an Uploaded File!
These are the contents of the $_FILES array ::
Array
(
[userfile] => Array
(
[name] => wtrs.audit
[type] => text/plain
[tmp_name] => /var/tmp/phpU6a4fK
[error] => 0
[size] => 30313
)
)
Everything seems to work fine, In fact in 4.2.2 we have a nice variable "error" in the array to be sure that there was no error during the upload.
BUT!
If we select a 0 byte file from our disk or if we simply write a bogus name in the userfile field before submiting the form we have these VERY different results:
**** In PHP 4.1.2:
Apache/1.3.24 (Unix) PHP/4.1.2
It is NOT
These are the contents of the $_FILES array ::
Array
(
[userfile] => Array
(
[name] => sdfsdf
[type] => application/octet-stream
[tmp_name] => none
[size] => 0
)
)
... very nice, we can use the "none" in the tmp_name to determine that this is not a correct file and that we don't have to move it to our directory maybe damaging an already stored file with that name.
*** In PHP 4.2.2 :
Apache/1.3.26 (Unix) PHP/4.2.2
It really is an Uploaded File!
These are the contents of the $_FILES array ::
Array
(
[userfile] => Array
(
[name] => sdfsdf
[type] => application/octet-stream
[tmp_name] => /var/tmp/phpNaaagK
[error] => 0
[size] => 0
)
)
... this is bad because PHP assumes a file was uploaded and creates a tmp_file in the server, also it doesn't report an error in the "error" variable of the array, and of course is_uploaded_file returns true.
Now we have no way to determine if the uploaded file was really a file and we will finish coding something like "IF FILESIZE IS 0 THEN DISCARD THE UPLOAD", but then we won't be able to upload 0 byte files (as we could in earlier version of PHP).
Is this a bug? any ideas of working this arround?
Constructions like these won't work any more:
if (!empty($userfile_name) && is_uploaded_file($userfile))
move_uploaded_file($userfile, "$ruta2".$userfile_name);
...assuming that register_globals is on; or:
$userfile = $_FILE["userfile"]["tmp_name"];
$userfile_name = $_FILE["userfile"]["name"];
if ( $userfile != 'none' && is_uploaded_file($userfile))
move_uploaded_file($userfile, "$ruta2".$userfile_name);
... if register_globals are off.
--
http://www.php.net/manual/en/features.file-upload.php
http://master.php.net/manage/user-notes.php?action=edit+23727
http://master.php.net/manage/user-notes.php?action=delete+23727
http://master.php.net/manage/user-notes.php?action=reject+23727