PHP - Should I sanitize $_FILES["filename"]["tmp_name"]

Before I call move_u开发者_Go百科ploaded_file, should I do anything about this specific variable:

$_FILES["filename"]["tmp_name"]

Thank you

No. That's generated and assigned by PHP, and will be useless/invalid the moment your script exits, as PHP will delete any uploaded files which you have not dealt with yet. It'll be something like "/tmp/a34632rsfd234". There's no point in preserving its value. However, $_FILES['filename']['name'] is the original filename of the file from the client's machine, and if you're preseving that, then you need to treat it as toxic waste and sanitize it.

There's not much you can do with the variable itself, but you should test the file to ensure that it is of the type you were expecting—an image, for example. Never rely on the file extension for determining the file type. Don't, for example, assume that something with a .jpg extension is actually a JPEG file.

No because the value in there will always be a valid filename for the file system (since it points to a file on the disk).