Validating user input in shell script
This feature lets people upload both text and binary files.
If no file is selected for upload in your form, PHP will return For the love of god, don't do what michael suggests in or you will be instantly pwned by someone uploading a php-shell to your script dir.
PHP is capable of receiving file uploads from any RFC-1867 compliant browser.
hidden field (measured in bytes) must precede the file input field, and its value is the maximum filesize accepted by PHP.
It is merely a convenience feature for users on the client side of the application.
The PHP settings (on the server side) for maximum-size, however, cannot be fooled.
For clarity; the reason you would NOT want to replace the example script with$uploaddir = './';is because if you have no coded file constraints a nerd could upload a php script with the same name of one of your scripts in the scripts directory.