Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

upload file

Posted on 2002-06-03
11
Medium Priority
?
607 Views
Last Modified: 2008-03-06
hi, im new in php.
i'm working on this script to upload a file. im using Apache server.

here's the codes:

upload.html
...
<body>
<form enctype="multipart/form-data" action="do_upload.php" method="post">
<input type="hidden" name="max_file_size" value="1000">
Image file (1 MB max):<input name="userfile" type="file"><br>
<input type="submit" value="Upload">
</form>
</body>

do_upload.php
(the register_globals in the php.ini is turned on)

<?php

if (is_uploaded_file($userfile)) {
    copy($userfile, "/var/www/html/photolib");
} else {
    echo "Possible file upload attack. Filename: " . $userfile_name;
}

?>

When it is run, i get -
Warning: Unable to create '/var/www/html/photolib/': Is a directory in /var/www/html/photolib/do_upload.php on line 4

i also don't see the file being uploaded. what else do i need to add or re-configure?

thanks a lot.
0
Comment
Question by:pepperoni
  • 6
  • 4
11 Comments
 
LVL 5

Expert Comment

by:Hamlet081299
ID: 7053207
looks like you should have ...

   copy($userfile, "/var/www/html/photolib/$userfile");

0
 
LVL 5

Expert Comment

by:Hamlet081299
ID: 7053216
correction ...

  copy($userfile, "/var/www/html/photolib/" . basename($userfile));
0
 
LVL 5

Accepted Solution

by:
Hamlet081299 earned 300 total points
ID: 7053227
You should realise that this code does still leave a copy of the uploaded file in the temp directory, and I'm not sure that's really what you are after?  It also will give the file some awful name like "phpA12.tmp", which is not much use if it's a jpeg or similar!!!

What you should probably be doing is moving the temporary file that has been loaded, and saving it with the original name.

This is much better...
    move_uploaded_file($userfile, "/var/www/html/photolib/$userfile_name");


H.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 5

Expert Comment

by:Hamlet081299
ID: 7053233
Other notes...

You may also want to respond differently if a file by that name exists already.

From php help "Chapter 5. Handling file uploads"...

When register_globals is turned on in php.ini the available variables are as follows. Note that the following variable names assume the use of the file upload name 'userfile', as used in the example script above:

* $userfile - The temporary filename in which the uploaded file was stored on the server machine.

* $userfile_name - The original name or path of the file on the sender's system.

* $userfile_size - The size of the uploaded file in bytes.

* $userfile_type - The mime type of the file if the browser provided this information. An example would be "image/gif".
0
 

Author Comment

by:pepperoni
ID: 7053280
hamlet, thanks.

i tried it but i got a problems with the permission..

the exact error:

Warning: Unable to create '/var/www/html/photolib/a.gif': Permission denied in /var/www/html/photolib/do_upload.php on line 7

Warning: Unable to move '/tmp/phpPeAz96' to '/var/www/html/photolib/a.gif' in /var/www/html/photolib/do_upload.php on line 7
0
 

Author Comment

by:pepperoni
ID: 7053281
hamlet, thanks.

i tried it but i got a problems with the permission..

the exact error:

Warning: Unable to create '/var/www/html/photolib/a.gif': Permission denied in /var/www/html/photolib/do_upload.php on line 7

Warning: Unable to move '/tmp/phpPeAz96' to '/var/www/html/photolib/a.gif' in /var/www/html/photolib/do_upload.php on line 7
0
 

Author Comment

by:pepperoni
ID: 7053282
hamlet, thanks.

i tried it but i got a problems with the permission..

the exact error:

Warning: Unable to create '/var/www/html/photolib/a.gif': Permission denied in /var/www/html/photolib/do_upload.php on line 7

Warning: Unable to move '/tmp/phpPeAz96' to '/var/www/html/photolib/a.gif' in /var/www/html/photolib/do_upload.php on line 7
0
 

Author Comment

by:pepperoni
ID: 7053285
sorry, i didn't mean to post the reply thrice.
0
 
LVL 5

Expert Comment

by:dkjariwala
ID: 7053295
Do it like,

<?php

if (is_uploaded_file($userfile))
{
   $new_filename =$HTTP_POST_FILES['userfile']['name']
   move_uploaded_file($userfile, "/var/www/html/photolib/$new_filename");
} else {
   echo "Possible file upload attack. Filename: " . $userfile_name;
}

?>

Make sure /var/www/html/photolib directory is writable by webserver.

JD
0
 

Author Comment

by:pepperoni
ID: 7053365
Thanks. its working. i changed some folder permissions.
0
 

Author Comment

by:pepperoni
ID: 7053366
Thanks. its working. i changed some folder permissions.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
There are times when I have encountered the need to decompress a response from a PHP request. This is how it's done, but you must have control of the request and you can set the Accept-Encoding header.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question