• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 208
  • Last Modified:

What did I do wrong with this upload script?

I got a sample script off of a website, and changed the directory name to the desired upload directory name as instructed in the example.  I changed it, and it didn't work!  I see PHP upload forms all over the place and want to be able to use one myself.

Here is the script for "sender.php"

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
<FORM ENCTYPE="multipart/form-data" ACTION="send.php" METHOD=POST>
<INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="1000">
Send this file: <INPUT NAME="userfile" TYPE="file">
<INPUT TYPE="submit" VALUE="Send File">
</FORM>
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

and here is the "send.php" script

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
<?php
if (is_uploaded_file($userfile)) {
    copy($userfile, "d:\webspace\theheadgamester\gamesteronline.com\www\uploads\");
} else {
    echo "Possible file upload attack: filename '$userfile'.";
}
/* ...or... */
move_uploaded_file($userfile, "d:\webspace\theheadgamester\gamesteronline.com\www\uploads\");
?>
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
0
theheadgamester
Asked:
theheadgamester
  • 3
  • 2
  • 2
  • +2
1 Solution
 
katyanCommented:
what's the error message u got. have u checked for write permission in the directory.
0
 
DragonSlayerCommented:
Hi, I don't use PHP in Windows, but I suppose you need to ensure that the backslashes in your directories are escaped?

i.e., change "D:\webspace\theheadgamester\gamesteronline.com\www\uploads" to "D:\\webspace\\theheadgamester\\gamesteronline.com\\www\\uploads"

Never have that problem in Linux... we use '/' instead of '\'


:)
0
 
anupkaradeCommented:
Hi ..
Actually you PHP code runs on the server
no doubts about it but the path given
for the file to be uploaded should
be relative not absolute as in you case

instead of
D:\webspace\theheadgamester\gamesteronline.com\www\uploads
try this..

copy("$userfile","./Destination_Directory/$userfile_name")

the ./Destination_Directory --> folder to which the file is to be uploaded ..it should be inside your virtual directory( i.e where your pages are)

the ./ or ../ depends upon where the folder is
./ if the folder is inside the folder where you page id
../ if it is outside the folder where your page is

                 Anup
0
[Webinar] Improve your customer journey

A positive customer journey is important in attracting and retaining business. To improve this experience, you can use Google Maps APIs to increase checkout conversions, boost user engagement, and optimize order fulfillment. Learn how in this webinar presented by Dito.

 
theheadgamesterAuthor Commented:
Could you re-write the script for me?  I know almost no PHP but learn from mistakes and examples.
0
 
theheadgamesterAuthor Commented:
I have an updated script that was sent to me, and it looks like it sends the file, but when I go to my uploads directory, it isn't there...

This is the script in full


<HTML><BODY>
<?php
if ($userfile) {
move_uploaded_file($userfile, "d:\\webspace\\theheadgamester\\gamesteronline.com\\www\\uploads\\$userfile_name");
?>
<p>Thank you for uploading your file :).
<p>Go back to Gamester Online.
<?php
} else {
?>
<FORM ENCTYPE="multipart/form-data" ACTION="fileupload.php" METHOD=POST>
<INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="10000000">
Send this file: <INPUT NAME="userfile" TYPE="file">
<INPUT TYPE="submit" VALUE="Send File">
</FORM>
<?php
}
?>
</BODY></HTML>
0
 
katyanCommented:
the script u posted above is working. i've modified the path and i'm getting it. why don't u check the script to 1st upload in a tem directory, say d:\\tmp\\$userfile_name

i don't think there is any problem with the code.

<HTML><BODY>
<?php
if ($userfile) {
move_uploaded_file($userfile, "c:\\user\\katy\\$userfile_name");
?>
<p>Thank you for uploading your file :).
<p>Go back to Gamester Online.
<?php
} else {
?>
<FORM ENCTYPE="multipart/form-data" ACTION="upload.php" METHOD=POST>
<INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="10000000">
Send this file: <INPUT NAME="userfile" TYPE="file">
<INPUT TYPE="submit" VALUE="Send File">
</FORM>
<?php
}
?>
</BODY></HTML>
0
 
us111Commented:
be careful in your first form, you have
<INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="1000">
it means that you will able to send a file of 1Ko max so...
0
 
anupkaradeCommented:
Here is the sample scripts for you
I am using it in one of my project it works smooth

Just Copy paste this code make the relevant changes as instructed in the commented portion and you have

the answer here


<--! The First Page where the image is browsed for uploading--->

<HTML>
<HEAD>
<TITLE>Upload example</TITLE>
</HEAD>
<BODY>

<FORM METHOD="post" ACTION="resultUpload.php" ENCTYPE="multipart/form-data">

<p><strong>File</strong><br>
<INPUT TYPE="file" NAME="img1" SIZE="30"></p>

<P><INPUT TYPE="submit" NAME="submit" VALUE="Send"></p>

</FORM>

</BODY>
</HTML>




/*resultupload.php*/
<? php

$ImgArr=array("image/pjpeg","image/gif","image/png");
$i=0;

if ($img1_name!="") {

  if($img1_size > 2000000) {
      echo "File size is bigger than 20kb!";
            exit;
    }

    while($i<3){
/* Change the relative path where you want to load images but the folder should be within the virtual

folder and put ./Yourfolder if it is in the same direcory where your page is currently located or ../yourfolder

if it is outside the folder   */
     if($ImgArr[$i]==$img1_type){
        copy("$img1","./Images/$img1_name")
      or die("No copy!");
      echo "File name : $img1_name <BR>";
      echo "File size :$img1_size <br>";
      echo "File Type :$img1_type <br>";
      exit;

     }

     $i++;
    }

  echo "Not A Image file!!!";
}

else
{

 die("No input file!");

}

?>



                      Anup
0
 
theheadgamesterAuthor Commented:
Well anupkrade, I will use your form, and will let everyone here know how stupid I feel now...my host just sent me an ASP form that works super great.  http://www.gamesteronline.com/upload.asp
0

Featured Post

Take Control of Web Hosting For Your Clients

As a web developer or IT admin, successfully managing multiple client accounts can be challenging. In this webinar we will look at the tools provided by Media Temple and Plesk to make managing your clients’ hosting easier.

  • 3
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now