Isn't Using the basename function with $_FILES['userFile']['name'] Redundant?


That is, using the basename function with $_FILES['userFile']['name'] seems rather redundant. Isn't it?

No, first and foremost for security reasons as @Gumbo describes in his answer; secondly, because older versions of IE used to deliver the full path of the file on client side, like C:\Documents and Settings\Username\Desktop\Image_cropped.jpg. That behaviour stopped as recently as IE8. From this MSDN blog entry discovered via this SO question:

File Upload control

Additionally, the “Include local directory path when uploading files” URLAction has been set to "Disable" for the Internet Zone. This change prevents leakage of potentially sensitive local file-system information to the Internet. For instance, rather than submitting the full path C:\users\ericlaw\documents\secret\image.png, Internet Explorer 8 will now submit only the filename image.png.

Ah, nice information leakage. – Gumbo Feb 27 '10 at 11:03

+1 Nice find indeed. – Gordon Feb 27 '10 at 11:04

@Gordon cheers. @Gumbo Re the leakage: true, but it was awfully useful in Content Management Systems to save the original location of an uploaded resource. I really miss that feature. Good to know that it can be reactivated using the zone model. – Pekka Feb 27 '10 at 11:05

HTTP requests can be forged and thus the filename provided in the header can also be manipulated. If you want to ensure that only a filename is given, validate the value or filter it with basename to just get the filename.

Yup, this is the most important reason for basename() here. – Pekka Feb 27 '10 at 11:34

For example, you can receive ../../../etc/passwd so, without basename, you'd end up with /var/www/uploads/../../../etc/passwd == /etc/passwd – Vinko Vrsalovic Feb 27 '10 at 12:05
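An added example, not code from the original thread: one way to reduce the client-supplied name to a safe leaf name, covering both the old-IE full path and the forged ../ name discussed above. The function name safe_upload_name() and the allowed character set are assumptions made for this sketch; the upload directory is the one used in the comment above.

```php
<?php
// Added example: reduce a client-supplied upload name to a safe leaf name.
// safe_upload_name() and UPLOAD_DIR are hypothetical names for this sketch.
const UPLOAD_DIR = '/var/www/uploads';

function safe_upload_name(string $clientName): ?string
{
    // basename() only treats "\" as a separator on Windows hosts, so
    // normalise it first; otherwise an old-IE style "C:\...\image.png"
    // name would pass through unchanged on a Linux server.
    $name = basename(str_replace('\\', '/', $clientName));

    // Drop NUL and other control bytes before validating.
    $name = (string) preg_replace('/[\x00-\x1F\x7F]/', '', $name);

    // Reject empty names, "." / "..", dotfiles and anything outside a
    // conservative character set (assumed policy, adjust as needed).
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._ -]{0,199}$/', $name)) {
        return null;
    }
    return $name;
}

// Sample inputs: two values quoted on this page, the rest constructed.
$samples = [
    'image.png',
    '../../../etc/passwd',
    'C:\\users\\ericlaw\\documents\\secret\\image.png',
    '..',
    '.htaccess',
];
foreach ($samples as $s) {
    $safe = safe_upload_name($s);
    printf("%-50s => %s\n", $s,
        $safe === null ? '(rejected)' : UPLOAD_DIR . '/' . $safe);
}

// In an upload handler the result would be used like this:
// $safe = safe_upload_name($_FILES['userFile']['name']);
// if ($safe !== null && is_uploaded_file($_FILES['userFile']['tmp_name'])) {
//     move_uploaded_file($_FILES['userFile']['tmp_name'],
//                        UPLOAD_DIR . '/' . $safe);
// }
```

The traversal input ends up as /var/www/uploads/passwd, inside the upload directory, while ".." and the dotfile are rejected outright.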

Using basename() on a full path, e.g. /path/mydir/file.txt, returns file.txt. It's useful when you have a full path to parse and you just want to get the last part of the path.
