<?xml version="1.0" encoding="utf-8"?>
<!-- $Revision$ -->
<refentry xmlns="http://docbook.org/ns/docbook" xml:id="function.is-uploaded-file">
 <refnamediv>
  <refname>is_uploaded_file</refname>
  <refpurpose>Tells whether the file was uploaded via HTTP POST</refpurpose>
 </refnamediv>
 
 <refsect1 role="description">
  &reftitle.description;
  <methodsynopsis>
   <type>bool</type><methodname>is_uploaded_file</methodname>
   <methodparam><type>string</type><parameter>filename</parameter></methodparam>
  </methodsynopsis>
  <para>
   Returns &true; if the file named by <parameter>filename</parameter> was
   uploaded via HTTP POST. This is useful to help ensure that a
   malicious user hasn't tried to trick the script into working on
   files upon which it should not be working--for instance,
   <filename>/etc/passwd</filename>.
  </para>
  <para>
   This sort of check is especially important if there is any chance
   that anything done with uploaded files could reveal their
   contents to the user, or even to other users on the same
   system.
  </para>
  <para>
   For proper working, the function <function>is_uploaded_file</function> needs
   an argument like <varname>$_FILES['userfile']['tmp_name']</varname>, - the name of the uploaded
   file on the client's machine <varname>$_FILES['userfile']['name']</varname> does not work.
  </para>
 </refsect1>

 <refsect1 role="parameters">
  &reftitle.parameters;
  <para>
   <variablelist>
    <varlistentry>
     <term><parameter>filename</parameter></term>
     <listitem>
      <para>
       The filename being checked.
      </para>
     </listitem>
    </varlistentry>
   </variablelist>
  </para>
 </refsect1>

 <refsect1 role="returnvalues">
  &reftitle.returnvalues;
  <para>
   &return.success;
  </para>
 </refsect1>

 <refsect1 role="examples">
  &reftitle.examples;
  <para>
   <example>
    <title><function>is_uploaded_file</function> example</title>
    <programlisting role="php">
<![CDATA[
<?php

if (is_uploaded_file($_FILES['userfile']['tmp_name'])) {
   echo "File ". $_FILES['userfile']['name'] ." uploaded successfully.\n";
   echo "Displaying contents\n";
   readfile($_FILES['userfile']['tmp_name']);
} else {
   echo "Possible file upload attack: ";
   echo "filename '". $_FILES['userfile']['tmp_name'] . "'.";
}

?>]]>
    </programlisting>
   </example>
  </para>
 </refsect1>

 <refsect1 role="seealso">
  &reftitle.seealso;
  <para>
   <simplelist>
    <member><function>move_uploaded_file</function></member>
    <member><varname>$_FILES</varname></member>
    <member>See <link linkend="features.file-upload">Handling file uploads</link> for a simple usage example.</member>
   </simplelist>
  </para>
 </refsect1>
 
</refentry>

<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
indent-tabs-mode:nil
sgml-parent-document:nil
sgml-default-dtd-file:"~/.phpdoc/manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->