What did I do wrong with this upload script?

I got a sample script off of a website, and changed the directory name to the desired upload directory name as instructed in the example.  I changed it, and it didn't work!  I see PHP upload forms all over the place and want to be able to use one myself.

Here is the script for "sender.php"

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
<FORM ENCTYPE="multipart/form-data" ACTION="send.php" METHOD=POST>
<INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="1000">
Send this file: <INPUT NAME="userfile" TYPE="file">
<INPUT TYPE="submit" VALUE="Send File">
</FORM>
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

and here is the "send.php" script

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
<?php
if (is_uploaded_file($userfile)) {
    copy($userfile, "d:\webspace\theheadgamester\gamesteronline.com\www\uploads\");
} else {
    echo "Possible file upload attack: filename '$userfile'.";
}
/* ...or... */
move_uploaded_file($userfile, "d:\webspace\theheadgamester\gamesteronline.com\www\uploads\");
?>
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
theheadgamesterAsked:
Who is Participating?
 
anupkaradeConnect With a Mentor Commented:
Here is the sample scripts for you
I am using it in one of my project it works smooth

Just Copy paste this code make the relevant changes as instructed in the commented portion and you have

the answer here


<--! The First Page where the image is browsed for uploading--->

<HTML>
<HEAD>
<TITLE>Upload example</TITLE>
</HEAD>
<BODY>

<FORM METHOD="post" ACTION="resultUpload.php" ENCTYPE="multipart/form-data">

<p><strong>File</strong><br>
<INPUT TYPE="file" NAME="img1" SIZE="30"></p>

<P><INPUT TYPE="submit" NAME="submit" VALUE="Send"></p>

</FORM>

</BODY>
</HTML>




/*resultupload.php*/
<? php

$ImgArr=array("image/pjpeg","image/gif","image/png");
$i=0;

if ($img1_name!="") {

  if($img1_size > 2000000) {
      echo "File size is bigger than 20kb!";
            exit;
    }

    while($i<3){
/* Change the relative path where you want to load images but the folder should be within the virtual

folder and put ./Yourfolder if it is in the same direcory where your page is currently located or ../yourfolder

if it is outside the folder   */
     if($ImgArr[$i]==$img1_type){
        copy("$img1","./Images/$img1_name")
      or die("No copy!");
      echo "File name : $img1_name <BR>";
      echo "File size :$img1_size <br>";
      echo "File Type :$img1_type <br>";
      exit;

     }

     $i++;
    }

  echo "Not A Image file!!!";
}

else
{

 die("No input file!");

}

?>



                      Anup
0
 
katyanCommented:
what's the error message u got. have u checked for write permission in the directory.
0
 
DragonSlayerCommented:
Hi, I don't use PHP in Windows, but I suppose you need to ensure that the backslashes in your directories are escaped?

i.e., change "D:\webspace\theheadgamester\gamesteronline.com\www\uploads" to "D:\\webspace\\theheadgamester\\gamesteronline.com\\www\\uploads"

Never have that problem in Linux... we use '/' instead of '\'


:)
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
anupkaradeCommented:
Hi ..
Actually you PHP code runs on the server
no doubts about it but the path given
for the file to be uploaded should
be relative not absolute as in you case

instead of
D:\webspace\theheadgamester\gamesteronline.com\www\uploads
try this..

copy("$userfile","./Destination_Directory/$userfile_name")

the ./Destination_Directory --> folder to which the file is to be uploaded ..it should be inside your virtual directory( i.e where your pages are)

the ./ or ../ depends upon where the folder is
./ if the folder is inside the folder where you page id
../ if it is outside the folder where your page is

                 Anup
0
 
theheadgamesterAuthor Commented:
Could you re-write the script for me?  I know almost no PHP but learn from mistakes and examples.
0
 
theheadgamesterAuthor Commented:
I have an updated script that was sent to me, and it looks like it sends the file, but when I go to my uploads directory, it isn't there...

This is the script in full


<HTML><BODY>
<?php
if ($userfile) {
move_uploaded_file($userfile, "d:\\webspace\\theheadgamester\\gamesteronline.com\\www\\uploads\\$userfile_name");
?>
<p>Thank you for uploading your file :).
<p>Go back to Gamester Online.
<?php
} else {
?>
<FORM ENCTYPE="multipart/form-data" ACTION="fileupload.php" METHOD=POST>
<INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="10000000">
Send this file: <INPUT NAME="userfile" TYPE="file">
<INPUT TYPE="submit" VALUE="Send File">
</FORM>
<?php
}
?>
</BODY></HTML>
0
 
katyanCommented:
the script u posted above is working. i've modified the path and i'm getting it. why don't u check the script to 1st upload in a tem directory, say d:\\tmp\\$userfile_name

i don't think there is any problem with the code.

<HTML><BODY>
<?php
if ($userfile) {
move_uploaded_file($userfile, "c:\\user\\katy\\$userfile_name");
?>
<p>Thank you for uploading your file :).
<p>Go back to Gamester Online.
<?php
} else {
?>
<FORM ENCTYPE="multipart/form-data" ACTION="upload.php" METHOD=POST>
<INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="10000000">
Send this file: <INPUT NAME="userfile" TYPE="file">
<INPUT TYPE="submit" VALUE="Send File">
</FORM>
<?php
}
?>
</BODY></HTML>
0
 
us111Commented:
be careful in your first form, you have
<INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="1000">
it means that you will able to send a file of 1Ko max so...
0
 
theheadgamesterAuthor Commented:
Well anupkrade, I will use your form, and will let everyone here know how stupid I feel now...my host just sent me an ASP form that works super great.  http://www.gamesteronline.com/upload.asp
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.