is_uploaded_file doubt_PHP tutorial

is_uploaded_file doubt

Returns TRUE if the file given by filename was uploaded via HTTP POST. This can be used to ensure that malicious users cannot trick scripts into accessing files that are otherwise inaccessible, such as /etc/passwd
What does /etc/passwd here refer to? I hope friends can help me explain in detail (malicious users cannot deceive scripts to access files that are not accessible). What does this paragraph mean? What does it mean to access files that are not accessible? Thank you for your guidance, heroes
$classnotes = "./".$_FILES['classnotes']['name'];

copy($_FILES['classnotes']['tmp_name'],"./classnotes/".basename($classnotes));


Copy the code if(is_uploaded_file($_FILES['classnotes']['tmp_name'])){

copy($_FILES['classnotes']['tmp_name'],"./classnotes/".$_FILES['classnotes']['name']);

}else{

echo "Upload failed";

}


Copy the code Is there any difference between the above two pieces of code in a security sense?

[ ]

Let me answer




D8888D reply content------------------------------------------------- ----------
/etc/passwd is the user password file in Linux

D8888D reply content------------------------------------------------- ----------
The original post was published by klgd on 2009-3-6 15:14 [url=http://bbs.111cn.cn/redirect.php?goto=findpost&pid=895665&ptid=107360]Link tag [img]http://bbs. 111cn.cn/images/common/back.gif[/img][/url]
/etc/passwd is the user password file in Linux
Thanks for this friend:-)

D8888D reply content------------------------------------------------- ----------
If a /etc/passwd is maliciously constructed, the first one will be executed directly

http://www.bkjia.com/PHPjc/632553.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/632553.htmlTechArticleis_uploaded_file doubt Returns TRUE if the file given by filename is uploaded via HTTP POST. This can be used to ensure that a malicious user cannot trick a script into accessing something it would not otherwise be able to access...