JCGreyling
asked on
File Upload problem
Hi
I'm having trouble converting a file-upload system to work with register_globals off.
The form :
<TR>
<TD>
<FONT face="Arial, Helvetica, sans-serif" size=2>
Enter the name of the file eg."work.pdf"<B>:</B>
</FONT>
</TD>
<TD>
<FONT face="Arial, Helvetica, sans-serif" size=2>
<B><INPUT class="formfont" id="fluPDFupload" type="file" name="file_pdf"
BorderStyle="Solid" BorderWidth="1px" Width="100px"> </B>
</FONT>
</TD>
</TR>
<tr>
<td align="center" colspan="2"><br>
<input class="button" type="submit" name="sub1" value="OK"> <input name="reset" type="reset" value="RESET">
</td>
</tr>
The form action :
if ($sub1 == 'OK'){
$time = time();
##
if ($file_html != "") {
$filenamehtml = "$time".'.html';
@copy("$file_html", "./upload/html/$filenameht
or die("Couldn't copy the file.");
$file_html = '/upload/html/'."$filename
}
##
if($file_pdf != ""){
print "hi";
print "<script lanugage=javascript>alert(
$filenamepdf = "$time".'.pdf';
@copy("$file_pdf", "./upload/pdf/$filenamepdf
or die("Couldn't copy the file.");
$file_pdf = '/upload/pdf/'."$filenamep
}
##
if ($file_doc != "") {
$filenamedoc = "$time".'.doc';
@copy("$file_doc", "./upload/doc/$filenamedoc
or die("Couldn't copy the file.");
$file_doc = '/upload/doc/'."$filenamed
}
##
if ($file_other != "") {
$filenameother = "$time".'.pps';
@copy("$file_other", "./upload/other/$filenameo
or die("Couldn't copy the file.");
$file_other = '/upload/other/'."$filenam
}
##
$sector = addslashes($sector);
$category = addslashes($category);
$branch = addslashes($branch);
$display = addslashes($display);
$pubdate = addslashes($pubdate);
$adddate = date("Y-m-d");
$title = addslashes($title);
$keyw = addslashes($keyw);
$synopsis = addslashes($synopsis);
$file_pdf = addslashes($file_pdf);
$file_doc = addslashes($file_doc);
$file_other = addslashes($file_other);
$sql = "INSERT INTO documents SET
sector = '$sector ',
category = '$category',
branch= '$branch',
display = '$display',
pubdate= '$pubdate',
adddate = '$adddate',
title = '$title',
keyw = '$keyw',
synopsis = '$synopsis',
file_pdf = '$file_pdf',
file_doc = '$file_doc',
file_other = '$file_other'";
mysql_query($sql);
echo mysql_error();
print "<script language=javascript>window
}
the variables:
if(isset($_POST['file_pdf'
$file_pdf = $_POST['file_pdf'];
}else{
$file_pdf = "";
}
Please help. This works fine with regisater_globals on
I'm having trouble converting a file-upload system to work with register_globals off.
The form :
<TR>
<TD>
<FONT face="Arial, Helvetica, sans-serif" size=2>
Enter the name of the file eg."work.pdf"<B>:</B>
</FONT>
</TD>
<TD>
<FONT face="Arial, Helvetica, sans-serif" size=2>
<B><INPUT class="formfont" id="fluPDFupload" type="file" name="file_pdf"
BorderStyle="Solid" BorderWidth="1px" Width="100px"> </B>
</FONT>
</TD>
</TR>
<tr>
<td align="center" colspan="2"><br>
<input class="button" type="submit" name="sub1" value="OK"> <input name="reset" type="reset" value="RESET">
</td>
</tr>
The form action :
if ($sub1 == 'OK'){
$time = time();
##
if ($file_html != "") {
$filenamehtml = "$time".'.html';
@copy("$file_html", "./upload/html/$filenameht
or die("Couldn't copy the file.");
$file_html = '/upload/html/'."$filename
}
##
if($file_pdf != ""){
print "hi";
print "<script lanugage=javascript>alert(
$filenamepdf = "$time".'.pdf';
@copy("$file_pdf", "./upload/pdf/$filenamepdf
or die("Couldn't copy the file.");
$file_pdf = '/upload/pdf/'."$filenamep
}
##
if ($file_doc != "") {
$filenamedoc = "$time".'.doc';
@copy("$file_doc", "./upload/doc/$filenamedoc
or die("Couldn't copy the file.");
$file_doc = '/upload/doc/'."$filenamed
}
##
if ($file_other != "") {
$filenameother = "$time".'.pps';
@copy("$file_other", "./upload/other/$filenameo
or die("Couldn't copy the file.");
$file_other = '/upload/other/'."$filenam
}
##
$sector = addslashes($sector);
$category = addslashes($category);
$branch = addslashes($branch);
$display = addslashes($display);
$pubdate = addslashes($pubdate);
$adddate = date("Y-m-d");
$title = addslashes($title);
$keyw = addslashes($keyw);
$synopsis = addslashes($synopsis);
$file_pdf = addslashes($file_pdf);
$file_doc = addslashes($file_doc);
$file_other = addslashes($file_other);
$sql = "INSERT INTO documents SET
sector = '$sector ',
category = '$category',
branch= '$branch',
display = '$display',
pubdate= '$pubdate',
adddate = '$adddate',
title = '$title',
keyw = '$keyw',
synopsis = '$synopsis',
file_pdf = '$file_pdf',
file_doc = '$file_doc',
file_other = '$file_other'";
mysql_query($sql);
echo mysql_error();
print "<script language=javascript>window
}
the variables:
if(isset($_POST['file_pdf'
$file_pdf = $_POST['file_pdf'];
}else{
$file_pdf = "";
}
Please help. This works fine with regisater_globals on
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
No comment has been added to this question in more than 21 days, so it is now classified as abandoned..
I will leave the following recommendation for this question in the Cleanup topic area:
Accept: Diablo84
Any objections should be posted here in the next 4 days. After that time, the question will be closed.
Huji
EE Cleanup Volunteer
I will leave the following recommendation for this question in the Cleanup topic area:
Accept: Diablo84
Any objections should be posted here in the next 4 days. After that time, the question will be closed.
Huji
EE Cleanup Volunteer
ASKER