The moment just remember: always use that function to secure a filenameīefore storing it directly on the filesystem. Submitted form data can be forged, and filenames can be dangerous. When the user clicks the Upload Now button, the browser will post the form data along with the file contents to the script mentioned in the action attribute (. This is also true for the filename of an uploaded file. When the file is selected, it is sent to. The input type, file, enables a user to browse the local file system to select the file. This example includes a very simple HTML form with two fields, File and Destination.
![html file upload example html file upload example](https://cdn.hashnode.com/res/hashnode/image/upload/v1602999227916/9Gf56XCN2.png)
Now the problem is that there is that principle called “never trust user The fileupload example application consists of a single servlet and an HTML form that makes a file upload request to the servlet.
So what does that secure_filename() function actually do? <- make sure the attribute enctype is set to multipart/form-data ->