• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 317
  • Last Modified:

File Upload problem


I'm having trouble converting a file-upload system to work with register_globals off.

The form :
<FONT face="Arial, Helvetica, sans-serif" size=2>
Enter the name of the file eg."work.pdf"<B>:</B>
<FONT face="Arial, Helvetica, sans-serif" size=2>
<B><INPUT class="formfont" id="fluPDFupload" type="file" name="file_pdf"
BorderStyle="Solid" BorderWidth="1px" Width="100px"> </B>
<td align="center" colspan="2"><br>
<input class="button" type="submit" name="sub1" value="OK"> &nbsp; <input name="reset" type="reset" value="RESET">

The form action :

if ($sub1 == 'OK'){
$time = time();
if ($file_html != "") {                                                            
$filenamehtml = "$time".'.html';                                          
@copy("$file_html", "./upload/html/$filenamehtml")                  
            or die("Couldn't copy the file.");                              
                  $file_html = '/upload/html/'."$filenamehtml";      

if($file_pdf != ""){
print "hi";
print "<script lanugage=javascript>alert('')</script>";
$filenamepdf = "$time".'.pdf';
      @copy("$file_pdf", "./upload/pdf/$filenamepdf")
                   or die("Couldn't copy the file.");
                   $file_pdf = '/upload/pdf/'."$filenamepdf";
if ($file_doc != "") {
$filenamedoc = "$time".'.doc';
      @copy("$file_doc", "./upload/doc/$filenamedoc")
                   or die("Couldn't copy the file.");
                   $file_doc = '/upload/doc/'."$filenamedoc";
if ($file_other != "") {
$filenameother = "$time".'.pps';
      @copy("$file_other", "./upload/other/$filenameother")
                   or die("Couldn't copy the file.");
                   $file_other = '/upload/other/'."$filenameother";
       $sector = addslashes($sector);
       $category = addslashes($category);
       $branch = addslashes($branch);
       $display = addslashes($display);
       $pubdate = addslashes($pubdate);
       $adddate = date("Y-m-d");
       $title = addslashes($title);
       $keyw = addslashes($keyw);
       $synopsis = addslashes($synopsis);
       $file_pdf = addslashes($file_pdf);
       $file_doc = addslashes($file_doc);
       $file_other = addslashes($file_other);
$sql = "INSERT INTO documents SET
           sector  = '$sector ',
       category = '$category',
       branch= '$branch',
       display = '$display',
       pubdate= '$pubdate',
       adddate = '$adddate',
       title = '$title',
       keyw = '$keyw',
       synopsis = '$synopsis',
       file_pdf = '$file_pdf',
       file_doc = '$file_doc',
       file_other = '$file_other'";
echo mysql_error();
print "<script language=javascript>window.location='load2.php'</script>";
 the variables:

$file_pdf = $_POST['file_pdf'];
      $file_pdf = "";

Please help. This works fine with regisater_globals on
1 Solution
JCGreylingAuthor Commented:
I do include the variables
First of all a little "how to" info.

Normal form elements (with the post method), textarea, checkboxes, text inputs, etc. should be referenced using:


The file input is a little different. On the server side you have an array called the $_FILES array. This contains all of the relevant information about the uploaded file. For example, if your file input was called "myfile":


would have the original filename assigned to it.

The PHP manual page for handling file uploads will tell you everything you need to know regarding how to handle the process:


Make sure your form tag includes: enctype="multipart/form-data"

For example. instead of:

if ($file_html != "") {                                                  
$filenamehtml = "$time".'.html';                                  
@copy("$file_html", "./upload/html/$filenamehtml")              
          or die("Couldn't copy the file.");                        
               $file_html = '/upload/html/'."$filenamehtml";    

you would use something like:

if (!empty($_FILES['file_html']['name'])) {                                                  
 $filenamehtml = "$time.html";                                  
 if (move_uploaded_file($_FILES['file_html']['tmp_name'],"/upload/html/$filenamehtml")) {
  echo "Done";
 else {
  echo "Could not upload";

And if $sector, $category etc are being populated from the POST array you would instead use:

$sector = addslashes($_POST['sector']);

No comment has been added to this question in more than 21 days, so it is now classified as abandoned..
I will leave the following recommendation for this question in the Cleanup topic area:
Accept: Diablo84

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

EE Cleanup Volunteer

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now