Solved

upload file

Posted on 2002-06-03
11
597 Views
Last Modified: 2008-03-06
hi, im new in php.
i'm working on this script to upload a file. im using Apache server.

here's the codes:

upload.html
...
<body>
<form enctype="multipart/form-data" action="do_upload.php" method="post">
<input type="hidden" name="max_file_size" value="1000">
Image file (1 MB max):<input name="userfile" type="file"><br>
<input type="submit" value="Upload">
</form>
</body>

do_upload.php
(the register_globals in the php.ini is turned on)

<?php

if (is_uploaded_file($userfile)) {
    copy($userfile, "/var/www/html/photolib");
} else {
    echo "Possible file upload attack. Filename: " . $userfile_name;
}

?>

When it is run, i get -
Warning: Unable to create '/var/www/html/photolib/': Is a directory in /var/www/html/photolib/do_upload.php on line 4

i also don't see the file being uploaded. what else do i need to add or re-configure?

thanks a lot.
0
Comment
Question by:pepperoni
  • 6
  • 4
11 Comments
 
LVL 5

Expert Comment

by:Hamlet081299
ID: 7053207
looks like you should have ...

   copy($userfile, "/var/www/html/photolib/$userfile");

0
 
LVL 5

Expert Comment

by:Hamlet081299
ID: 7053216
correction ...

  copy($userfile, "/var/www/html/photolib/" . basename($userfile));
0
 
LVL 5

Accepted Solution

by:
Hamlet081299 earned 75 total points
ID: 7053227
You should realise that this code does still leave a copy of the uploaded file in the temp directory, and I'm not sure that's really what you are after?  It also will give the file some awful name like "phpA12.tmp", which is not much use if it's a jpeg or similar!!!

What you should probably be doing is moving the temporary file that has been loaded, and saving it with the original name.

This is much better...
    move_uploaded_file($userfile, "/var/www/html/photolib/$userfile_name");


H.
0
Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

 
LVL 5

Expert Comment

by:Hamlet081299
ID: 7053233
Other notes...

You may also want to respond differently if a file by that name exists already.

From php help "Chapter 5. Handling file uploads"...

When register_globals is turned on in php.ini the available variables are as follows. Note that the following variable names assume the use of the file upload name 'userfile', as used in the example script above:

* $userfile - The temporary filename in which the uploaded file was stored on the server machine.

* $userfile_name - The original name or path of the file on the sender's system.

* $userfile_size - The size of the uploaded file in bytes.

* $userfile_type - The mime type of the file if the browser provided this information. An example would be "image/gif".
0
 

Author Comment

by:pepperoni
ID: 7053280
hamlet, thanks.

i tried it but i got a problems with the permission..

the exact error:

Warning: Unable to create '/var/www/html/photolib/a.gif': Permission denied in /var/www/html/photolib/do_upload.php on line 7

Warning: Unable to move '/tmp/phpPeAz96' to '/var/www/html/photolib/a.gif' in /var/www/html/photolib/do_upload.php on line 7
0
 

Author Comment

by:pepperoni
ID: 7053281
hamlet, thanks.

i tried it but i got a problems with the permission..

the exact error:

Warning: Unable to create '/var/www/html/photolib/a.gif': Permission denied in /var/www/html/photolib/do_upload.php on line 7

Warning: Unable to move '/tmp/phpPeAz96' to '/var/www/html/photolib/a.gif' in /var/www/html/photolib/do_upload.php on line 7
0
 

Author Comment

by:pepperoni
ID: 7053282
hamlet, thanks.

i tried it but i got a problems with the permission..

the exact error:

Warning: Unable to create '/var/www/html/photolib/a.gif': Permission denied in /var/www/html/photolib/do_upload.php on line 7

Warning: Unable to move '/tmp/phpPeAz96' to '/var/www/html/photolib/a.gif' in /var/www/html/photolib/do_upload.php on line 7
0
 

Author Comment

by:pepperoni
ID: 7053285
sorry, i didn't mean to post the reply thrice.
0
 
LVL 5

Expert Comment

by:dkjariwala
ID: 7053295
Do it like,

<?php

if (is_uploaded_file($userfile))
{
   $new_filename =$HTTP_POST_FILES['userfile']['name']
   move_uploaded_file($userfile, "/var/www/html/photolib/$new_filename");
} else {
   echo "Possible file upload attack. Filename: " . $userfile_name;
}

?>

Make sure /var/www/html/photolib directory is writable by webserver.

JD
0
 

Author Comment

by:pepperoni
ID: 7053365
Thanks. its working. i changed some folder permissions.
0
 

Author Comment

by:pepperoni
ID: 7053366
Thanks. its working. i changed some folder permissions.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question