<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML
><HEAD
><TITLE
>is_uploaded_file</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REL="HOME"
TITLE="PHP 手册"
HREF="index.html"><LINK
REL="UP"
TITLE="Filesystem 文件系统函数"
HREF="ref.filesystem.html"><LINK
REL="PREVIOUS"
TITLE="is_readable"
HREF="function.is-readable.html"><LINK
REL="NEXT"
TITLE="is_writable"
HREF="function.is-writable.html"><META
HTTP-EQUIV="Content-type"
CONTENT="text/html; charset=UTF-8"></HEAD
><BODY
CLASS="refentry"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>PHP 手册</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="function.is-readable.html"
ACCESSKEY="P"
>上一页</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="function.is-writable.html"
ACCESSKEY="N"
>下一页</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><H1
><A
NAME="function.is-uploaded-file"
></A
>is_uploaded_file</H1
><DIV
CLASS="refnamediv"
><A
NAME="AEN54089"
></A
><P
> (PHP 3 >= 3.0.17, PHP 4 >= 4.0.3, PHP 5)</P
>is_uploaded_file -- 判断文件是否是通过 HTTP POST 上传的</DIV
><DIV
CLASS="refsect1"
><A
NAME="AEN54092"
></A
><H2
>说明</H2
>bool <B
CLASS="methodname"
>is_uploaded_file</B
> ( string filename )<BR
></BR
><P
> 如果 <CODE
CLASS="parameter"
>filename</CODE
> 所给出的文件是通过
HTTP POST 上传的则返回 <TT
CLASS="constant"
><B
>TRUE</B
></TT
>。这可以用来确保恶意的用户无法欺骗脚本去访问本不能访问的文件,例如
<TT
CLASS="filename"
>/etc/passwd</TT
>。
</P
><P
> 这种检查显得格外重要,如果上传的文件有可能会造成对用户或本系统的其他用户显示其内容的话。
</P
><P
> 为了能使 <B
CLASS="function"
>is_uploaded_file()</B
> 函数正常工作,必段指定类似于
$_FILES['userfile']['tmp_name'] 的变量,而在从客户端上传的文件名
$_FILES['userfile']['name'] 不能正常运作。
</P
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
CLASS="EXAMPLE"
><TR
><TD
><DIV
CLASS="example"
><A
NAME="AEN54107"
></A
><P
><B
>例 1. <B
CLASS="function"
>is_uploaded_file()</B
> 例子</B
></P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
CELLPADDING="5"
><TR
><TD
><code><font color="#000000">
<font color="#0000BB"><?php<br /><br /></font><font color="#007700">if (</font><font color="#0000BB">is_uploaded_file</font><font color="#007700">(</font><font color="#0000BB">$_FILES</font><font color="#007700">[</font><font color="#DD0000">'userfile'</font><font color="#007700">][</font><font color="#DD0000">'tmp_name'</font><font color="#007700">])) {<br /> echo </font><font color="#DD0000">"File "</font><font color="#007700">. </font><font color="#0000BB">$_FILES</font><font color="#007700">[</font><font color="#DD0000">'userfile'</font><font color="#007700">][</font><font color="#DD0000">'name'</font><font color="#007700">] .</font><font color="#DD0000">" uploaded successfully.\n"</font><font color="#007700">;<br /> echo </font><font color="#DD0000">"Displaying contents\n"</font><font color="#007700">;<br /> </font><font color="#0000BB">readfile</font><font color="#007700">(</font><font color="#0000BB">$_FILES</font><font color="#007700">[</font><font color="#DD0000">'userfile'</font><font color="#007700">][</font><font color="#DD0000">'tmp_name'</font><font color="#007700">]);<br />} else {<br /> echo </font><font color="#DD0000">"Possible file upload attack: "</font><font color="#007700">;<br /> echo </font><font color="#DD0000">"filename '"</font><font color="#007700">. </font><font color="#0000BB">$_FILES</font><font color="#007700">[</font><font color="#DD0000">'userfile'</font><font color="#007700">][</font><font color="#DD0000">'tmp_name'</font><font color="#007700">] . </font><font color="#DD0000">"'."</font><font color="#007700">;<br />}<br /><br /></font><font color="#0000BB">?></font>
</font>
</code></TD
></TR
></TABLE
></DIV
></TD
></TR
></TABLE
><P
> <B
CLASS="function"
>is_uploaded_file()</B
> 仅可用于
PHP 3 的 3.0.16 版之后,以及 PHP 4 的 4.0.2
版之后。如果执意要用老版本,可以用下面的函数来保护自己:
<DIV
CLASS="note"
><BLOCKQUOTE
CLASS="note"
><P
><B
>注意: </B
>
以下例子<SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>不能</I
></SPAN
>用于
PHP 4 的 4.0.2 版之后。它依赖的 PHP 内部函数在该版本之后改变了。
</P
></BLOCKQUOTE
></DIV
>
</P
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
CLASS="EXAMPLE"
><TR
><TD
><DIV
CLASS="example"
><A
NAME="AEN54116"
></A
><P
><B
>例 2. <B
CLASS="function"
>is_uploaded_file()</B
> 可运行于 PHP 4 < 4.0.3 的例子</B
></P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
CELLPADDING="5"
><TR
><TD
><code><font color="#000000">
<font color="#0000BB"><?php<br /></font><font color="#FF8000">/* Userland test for uploaded file. */<br /></font><font color="#007700">function </font><font color="#0000BB">is_uploaded_file_4_0_2</font><font color="#007700">(</font><font color="#0000BB">$filename</font><font color="#007700">)<br />{<br /> if (!</font><font color="#0000BB">$tmp_file </font><font color="#007700">= </font><font color="#0000BB">get_cfg_var</font><font color="#007700">(</font><font color="#DD0000">'upload_tmp_dir'</font><font color="#007700">)) {<br /> </font><font color="#0000BB">$tmp_file </font><font color="#007700">= </font><font color="#0000BB">dirname</font><font color="#007700">(</font><font color="#0000BB">tempnam</font><font color="#007700">(</font><font color="#DD0000">''</font><font color="#007700">, </font><font color="#DD0000">''</font><font color="#007700">));<br /> }<br /> </font><font color="#0000BB">$tmp_file </font><font color="#007700">.= </font><font color="#DD0000">'/' </font><font color="#007700">. </font><font color="#0000BB">basename</font><font color="#007700">(</font><font color="#0000BB">$filename</font><font color="#007700">);<br /> </font><font color="#FF8000">/* User might have trailing slash in php.ini... */<br /> </font><font color="#007700">return (</font><font color="#0000BB">ereg_replace</font><font color="#007700">(</font><font color="#DD0000">'/+'</font><font color="#007700">, </font><font color="#DD0000">'/'</font><font color="#007700">, </font><font color="#0000BB">$tmp_file</font><font color="#007700">) == </font><font color="#0000BB">$filename</font><font color="#007700">);<br />}<br /><br /></font><font color="#FF8000">/* This is how to use it, since you also don't have<br /> * move_uploaded_file() in these older versions: */<br /></font><font color="#007700">if (</font><font color="#0000BB">is_uploaded_file_4_0_2</font><font color="#007700">(</font><font color="#0000BB">$HTTP_POST_FILES</font><font color="#007700">[</font><font color="#DD0000">'userfile'</font><font color="#007700">])) {<br /> </font><font color="#0000BB">copy</font><font color="#007700">(</font><font color="#0000BB">$HTTP_POST_FILES</font><font color="#007700">[</font><font color="#DD0000">'userfile'</font><font color="#007700">], </font><font color="#DD0000">"/place/to/put/uploaded/file"</font><font color="#007700">);<br />} else {<br /> echo </font><font color="#DD0000">"Possible file upload attack: filename '$HTTP_POST_FILES</font><font color="#007700">[</font><font color="#DD0000">userfile</font><font color="#007700">]</font><font color="#DD0000">'."</font><font color="#007700">;<br />}<br /></font><font color="#0000BB">?></font>
</font>
</code></TD
></TR
></TABLE
></DIV
></TD
></TR
></TABLE
><P
> 参见 <A
HREF="function.move-uploaded-file.html"
><B
CLASS="function"
>move_uploaded_file()</B
></A
>,以及<A
HREF="features.file-upload.html"
>文件上传处理</A
>一章中的简单使用例子。
</P
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="function.is-readable.html"
ACCESSKEY="P"
>上一页</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>起始页</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="function.is-writable.html"
ACCESSKEY="N"
>下一页</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>is_readable</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="ref.filesystem.html"
ACCESSKEY="U"
>上一级</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>is_writable</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
