Solved

upload file

Posted on 2002-06-03
11
593 Views
Last Modified: 2008-03-06
hi, im new in php.
i'm working on this script to upload a file. im using Apache server.

here's the codes:

upload.html
...
<body>
<form enctype="multipart/form-data" action="do_upload.php" method="post">
<input type="hidden" name="max_file_size" value="1000">
Image file (1 MB max):<input name="userfile" type="file"><br>
<input type="submit" value="Upload">
</form>
</body>

do_upload.php
(the register_globals in the php.ini is turned on)

<?php

if (is_uploaded_file($userfile)) {
    copy($userfile, "/var/www/html/photolib");
} else {
    echo "Possible file upload attack. Filename: " . $userfile_name;
}

?>

When it is run, i get -
Warning: Unable to create '/var/www/html/photolib/': Is a directory in /var/www/html/photolib/do_upload.php on line 4

i also don't see the file being uploaded. what else do i need to add or re-configure?

thanks a lot.
0
Comment
Question by:pepperoni
  • 6
  • 4
11 Comments
 
LVL 5

Expert Comment

by:Hamlet081299
ID: 7053207
looks like you should have ...

   copy($userfile, "/var/www/html/photolib/$userfile");

0
 
LVL 5

Expert Comment

by:Hamlet081299
ID: 7053216
correction ...

  copy($userfile, "/var/www/html/photolib/" . basename($userfile));
0
 
LVL 5

Accepted Solution

by:
Hamlet081299 earned 75 total points
ID: 7053227
You should realise that this code does still leave a copy of the uploaded file in the temp directory, and I'm not sure that's really what you are after?  It also will give the file some awful name like "phpA12.tmp", which is not much use if it's a jpeg or similar!!!

What you should probably be doing is moving the temporary file that has been loaded, and saving it with the original name.

This is much better...
    move_uploaded_file($userfile, "/var/www/html/photolib/$userfile_name");


H.
0
Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

 
LVL 5

Expert Comment

by:Hamlet081299
ID: 7053233
Other notes...

You may also want to respond differently if a file by that name exists already.

From php help "Chapter 5. Handling file uploads"...

When register_globals is turned on in php.ini the available variables are as follows. Note that the following variable names assume the use of the file upload name 'userfile', as used in the example script above:

* $userfile - The temporary filename in which the uploaded file was stored on the server machine.

* $userfile_name - The original name or path of the file on the sender's system.

* $userfile_size - The size of the uploaded file in bytes.

* $userfile_type - The mime type of the file if the browser provided this information. An example would be "image/gif".
0
 

Author Comment

by:pepperoni
ID: 7053280
hamlet, thanks.

i tried it but i got a problems with the permission..

the exact error:

Warning: Unable to create '/var/www/html/photolib/a.gif': Permission denied in /var/www/html/photolib/do_upload.php on line 7

Warning: Unable to move '/tmp/phpPeAz96' to '/var/www/html/photolib/a.gif' in /var/www/html/photolib/do_upload.php on line 7
0
 

Author Comment

by:pepperoni
ID: 7053281
hamlet, thanks.

i tried it but i got a problems with the permission..

the exact error:

Warning: Unable to create '/var/www/html/photolib/a.gif': Permission denied in /var/www/html/photolib/do_upload.php on line 7

Warning: Unable to move '/tmp/phpPeAz96' to '/var/www/html/photolib/a.gif' in /var/www/html/photolib/do_upload.php on line 7
0
 

Author Comment

by:pepperoni
ID: 7053282
hamlet, thanks.

i tried it but i got a problems with the permission..

the exact error:

Warning: Unable to create '/var/www/html/photolib/a.gif': Permission denied in /var/www/html/photolib/do_upload.php on line 7

Warning: Unable to move '/tmp/phpPeAz96' to '/var/www/html/photolib/a.gif' in /var/www/html/photolib/do_upload.php on line 7
0
 

Author Comment

by:pepperoni
ID: 7053285
sorry, i didn't mean to post the reply thrice.
0
 
LVL 5

Expert Comment

by:dkjariwala
ID: 7053295
Do it like,

<?php

if (is_uploaded_file($userfile))
{
   $new_filename =$HTTP_POST_FILES['userfile']['name']
   move_uploaded_file($userfile, "/var/www/html/photolib/$new_filename");
} else {
   echo "Possible file upload attack. Filename: " . $userfile_name;
}

?>

Make sure /var/www/html/photolib directory is writable by webserver.

JD
0
 

Author Comment

by:pepperoni
ID: 7053365
Thanks. its working. i changed some folder permissions.
0
 

Author Comment

by:pepperoni
ID: 7053366
Thanks. its working. i changed some folder permissions.
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Popularity Can Be Measured Sometimes we deal with questions of popularity, and we need a way to collect opinions from our clients.  This article shows a simple teaching example of how we might elect a favorite color by letting our clients vote for …
Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now