File Upload problem

Posted on 2005-04-26
Last Modified: 2008-03-06

I'm having trouble converting a file-upload system to work with register_globals off.

The form :
<FONT face="Arial, Helvetica, sans-serif" size=2>
Enter the name of the file eg."work.pdf"<B>:</B>
<FONT face="Arial, Helvetica, sans-serif" size=2>
<B><INPUT class="formfont" id="fluPDFupload" type="file" name="file_pdf"
BorderStyle="Solid" BorderWidth="1px" Width="100px"> </B>
<td align="center" colspan="2"><br>
<input class="button" type="submit" name="sub1" value="OK"> &nbsp; <input name="reset" type="reset" value="RESET">

The form action :

if ($sub1 == 'OK'){
$time = time();
if ($file_html != "") {                                                            
$filenamehtml = "$time".'.html';                                          
@copy("$file_html", "./upload/html/$filenamehtml")                  
            or die("Couldn't copy the file.");                              
                  $file_html = '/upload/html/'."$filenamehtml";      

if($file_pdf != ""){
print "hi";
print "<script lanugage=javascript>alert('')</script>";
$filenamepdf = "$time".'.pdf';
      @copy("$file_pdf", "./upload/pdf/$filenamepdf")
                   or die("Couldn't copy the file.");
                   $file_pdf = '/upload/pdf/'."$filenamepdf";
if ($file_doc != "") {
$filenamedoc = "$time".'.doc';
      @copy("$file_doc", "./upload/doc/$filenamedoc")
                   or die("Couldn't copy the file.");
                   $file_doc = '/upload/doc/'."$filenamedoc";
if ($file_other != "") {
$filenameother = "$time".'.pps';
      @copy("$file_other", "./upload/other/$filenameother")
                   or die("Couldn't copy the file.");
                   $file_other = '/upload/other/'."$filenameother";
       $sector = addslashes($sector);
       $category = addslashes($category);
       $branch = addslashes($branch);
       $display = addslashes($display);
       $pubdate = addslashes($pubdate);
       $adddate = date("Y-m-d");
       $title = addslashes($title);
       $keyw = addslashes($keyw);
       $synopsis = addslashes($synopsis);
       $file_pdf = addslashes($file_pdf);
       $file_doc = addslashes($file_doc);
       $file_other = addslashes($file_other);
$sql = "INSERT INTO documents SET
           sector  = '$sector ',
       category = '$category',
       branch= '$branch',
       display = '$display',
       pubdate= '$pubdate',
       adddate = '$adddate',
       title = '$title',
       keyw = '$keyw',
       synopsis = '$synopsis',
       file_pdf = '$file_pdf',
       file_doc = '$file_doc',
       file_other = '$file_other'";
echo mysql_error();
print "<script language=javascript>window.location='load2.php'</script>";
 the variables:

$file_pdf = $_POST['file_pdf'];
      $file_pdf = "";

Please help. This works fine with regisater_globals on
Question by:JCGreyling

    Author Comment

    I do include the variables
    LVL 27

    Accepted Solution

    First of all a little "how to" info.

    Normal form elements (with the post method), textarea, checkboxes, text inputs, etc. should be referenced using:


    The file input is a little different. On the server side you have an array called the $_FILES array. This contains all of the relevant information about the uploaded file. For example, if your file input was called "myfile":


    would have the original filename assigned to it.

    The PHP manual page for handling file uploads will tell you everything you need to know regarding how to handle the process:

    Make sure your form tag includes: enctype="multipart/form-data"

    For example. instead of:

    if ($file_html != "") {                                                  
    $filenamehtml = "$time".'.html';                                  
    @copy("$file_html", "./upload/html/$filenamehtml")              
              or die("Couldn't copy the file.");                        
                   $file_html = '/upload/html/'."$filenamehtml";    

    you would use something like:

    if (!empty($_FILES['file_html']['name'])) {                                                  
     $filenamehtml = "$time.html";                                  
     if (move_uploaded_file($_FILES['file_html']['tmp_name'],"/upload/html/$filenamehtml")) {
      echo "Done";
     else {
      echo "Could not upload";

    And if $sector, $category etc are being populated from the POST array you would instead use:

    $sector = addslashes($_POST['sector']);

    LVL 14

    Expert Comment

    No comment has been added to this question in more than 21 days, so it is now classified as abandoned..
    I will leave the following recommendation for this question in the Cleanup topic area:
    Accept: Diablo84

    Any objections should be posted here in the next 4 days. After that time, the question will be closed.

    EE Cleanup Volunteer

    Featured Post

    Find Ransomware Secrets With All-Source Analysis

    Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

    Join & Write a Comment

    As this topic comes over and over again in different forms, I've finally decided to write a short (yea, right...) article / tutorial about pagination with PHP with MySQL database. There are dozens of these kind of tutorials, I know - I wanted to mak…
    Introduction Many web sites contain image galleries; a common design for these galleries includes a page with a collection of thumbnail images.  You can click on each of the thumbnail images to see the larger version of the image.  This is easily i…
    The viewer will learn how to dynamically set the form action using jQuery.
    The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now