Re: possible to "move_uploaded_file" to a variable instead a file?

Mark wrote:
> hey,
> 
> I'm wondering if it's possible to move an uploaded file inside a variable.
> I would like to know this because I'm currently writing a database backup
> script and in there the user uploads a sql file that gets executed. Now I
> _don't_ want the file to be stored on the server!! simply because that's
> not safe. However I do want to store it inside a variable and then run the
> database query.
> 
> any ideas on this?

Hi Mark,

Instead of move_uploaded_file($uploaded, $newlocation), use:

<?php
// $uploaded is the temporary path PHP assigned to the upload,
// i.e. $_FILES['yourfield']['tmp_name']; read it straight into memory.
$var = file_get_contents($uploaded);
?>

HOWEVER, what you are doing is a *really* bad idea regardless of where
you save the uploaded file.  No matter how much you trust your end
users, running SQL uploaded directly on the database is extremely dangerous.

Instead, you should define a simple set of questions based on the user
and the databases they have access to, e.g. a multi-select box that
allows the user to select which databases to back up, and possibly allow
an .ini file to be uploaded defining which tables in those databases to
back up, and then from the .ini file construct the actual SQL that will
be run.  Your ini-to-sql script should also contain verification to
ensure that, for instance, the user is not requesting to "back up" the
mysql table and acquire all the people's accounts/passwords.

If the user wishes to back up the user_blah database, tables foo and
bar, your ini could be:

[user_blah]
tables = foo,bar

Or, for all:

[user_blah]
tables = *

Otherwise, you're just asking to get shot in the digital foot.

Good luck,
Greg
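
The following is an added example of the approach Greg describes above (reading the upload into memory with file_get_contents, then building SQL from a validated .ini instead of executing uploaded SQL); it is not code from the original thread. It assumes PHP 7.1 or later, a hypothetical upload field named "backup_ini", and a hypothetical $allowedDatabases list that a real application would load from its own permission table. The sample .ini text at the bottom is constructed for the example.

```php
<?php
// Added example, not from the original mailing-list thread.
// Assumptions: PHP 7.1+, upload field "backup_ini", and an allow-list of
// databases for the current user supplied by the application.

// Databases the logged-in user may back up (assumed; normally loaded from
// your own permission table, never from anything the user uploads).
$allowedDatabases = ['user_blah', 'user_shop'];

// System schemas that must never be reachable through this script,
// regardless of what the allow-list says (defence in depth).
$forbiddenDatabases = ['mysql', 'information_schema', 'performance_schema', 'sys'];

// Identifier rule: letters, digits and underscore only, 1..64 chars
// (MySQL's identifier length limit). Anything else is rejected outright.
const IDENT_RE = '/^[A-Za-z0-9_]{1,64}$/';

/**
 * Read the uploaded .ini into a string without ever moving it onto disk.
 * Returns null if the field is missing, failed to upload, or is not a
 * genuine upload (is_uploaded_file guards against a forged tmp_name).
 */
function readUploadedIni(string $field): ?string
{
    if (!isset($_FILES[$field]) || $_FILES[$field]['error'] !== UPLOAD_ERR_OK) {
        return null;
    }
    $tmp = $_FILES[$field]['tmp_name'];
    if (!is_uploaded_file($tmp)) {
        return null;
    }
    return file_get_contents($tmp);
}

/**
 * Turn ini text of the form "[db]\ntables = foo,bar" (or "tables = *")
 * into a list of SQL statements. Every database and table name is
 * validated against IDENT_RE and the allow/deny lists before it is
 * interpolated, so the ini can only ever name things, never inject SQL.
 */
function iniToBackupQueries(string $ini, array $allowed, array $forbidden): array
{
    // INI_SCANNER_RAW keeps values as literal strings (no on/off coercion).
    $sections = parse_ini_string($ini, true, INI_SCANNER_RAW);
    if ($sections === false) {
        throw new InvalidArgumentException('Malformed ini file');
    }

    $queries = [];
    foreach ($sections as $db => $settings) {
        $db = (string) $db;
        if (!preg_match(IDENT_RE, $db)) {
            throw new InvalidArgumentException("Bad database name: $db");
        }
        if (in_array(strtolower($db), $forbidden, true) || !in_array($db, $allowed, true)) {
            throw new InvalidArgumentException("Not permitted to back up: $db");
        }

        $tables = trim((string) ($settings['tables'] ?? ''));
        if ($tables === '*') {
            // "tables = *": enumerate the tables at run time instead of
            // letting the user name them.
            $queries[] = sprintf('SHOW TABLES FROM `%s`', $db);
            continue;
        }
        foreach (array_map('trim', explode(',', $tables)) as $table) {
            if (!preg_match(IDENT_RE, $table)) {
                throw new InvalidArgumentException("Bad table name in $db: $table");
            }
            // Identifiers are backtick-quoted; they already match IDENT_RE,
            // so no backtick or other metacharacter can reach the query.
            $queries[] = sprintf('SELECT * FROM `%s`.`%s`', $db, $table);
        }
    }
    return $queries;
}

// Constructed sample standing in for readUploadedIni('backup_ini').
$sampleIni = "[user_blah]\ntables = foo,bar\n";
print_r(iniToBackupQueries($sampleIni, $allowedDatabases, $forbiddenDatabases));

// An attempt to "back up" the privilege table is refused before any SQL
// is constructed.
try {
    iniToBackupQueries("[mysql]\ntables = user\n", $allowedDatabases, $forbiddenDatabases);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```

The point of the split is that the uploaded bytes are only ever parsed as configuration; the strings that end up in the SQL are produced by the script from names that have passed a whitelist and a strict identifier pattern, so the worst a hostile .ini can do is be rejected.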

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
