in all the tutorials I've read the file upload form is first submitted and then the file in the temporary directory is evaluated to decide whether it should be moved to the permanent directory ... my question is : what's the point of that ?
if the file was uploaded by an attacker and it's executable wouldn't it harm the system before it's evaluated and deleted ? other than that , does the user have to wait for the file to be uploaded just to find out that the file can't be uploaded because it doesn't have the expected format ?
I guess it's better to use some kind client-side code for that but I'm asking since no one was bringing that up as an option
(if it's better to evaluate the file using client-side code , how is it done ? )
thanks in advance