abstractionz
asked on
Problems with uploading file
I have the page where the user can enter information into text fields as well as upload a file all on the same form. I have it setup in the following way:
First, I validate the file with a function, which checks to see if it is the right size, and the right type.
function validate_file($files_array
$errors = array();
$userfile_error = $files_array['userfile']['
$userfile_type = $files_array['userfile']['
if($userfile_error > 0){
switch($userfile_error){
case 1: $errors[] = 'File exceeded upload_max_filesize'; break;
case 2: $errors[] = 'File exceeded max_file_size'; break;
case 3: $errors[] = 'File only partially uploaded'; break;
case 4: $errors[] = 'No file uploaded'; break;
}
}
if($userfile_type != 'application/x-zip-compres
$errors[] = 'File is invalid';
}
return $errors;
}
Next, I validate the text fields. If there are any errors in either of these functions, I display them in the same script. Otherwise, I put all values into the session and do a header(location: ) to the preview script which just shows all the info. Finally, I add all the text fields to the database, and finish the upload with the following functions, whihc gives me the problem:
function upload_file($new_filename,
$errors = array();
$filedir = '/home/sites/www.mysite.com/questions/';
print $userfile . '<br>';
$userfile_name = $new_filename;
$upfile = $filedir . $userfile_name;
if(is_uploaded_file($userf
if(!move_uploaded_file($us
print 'Could not move file to destination directory';
//return $errors;
}
}
else{
print 'Possible file upload attack. Filename: '.$userfile_name;
}
}
where userfile is just the value of $_FILES['userfile']['tmp_n
First, I validate the file with a function, which checks to see if it is the right size, and the right type.
function validate_file($files_array
$errors = array();
$userfile_error = $files_array['userfile']['
$userfile_type = $files_array['userfile']['
if($userfile_error > 0){
switch($userfile_error){
case 1: $errors[] = 'File exceeded upload_max_filesize'; break;
case 2: $errors[] = 'File exceeded max_file_size'; break;
case 3: $errors[] = 'File only partially uploaded'; break;
case 4: $errors[] = 'No file uploaded'; break;
}
}
if($userfile_type != 'application/x-zip-compres
$errors[] = 'File is invalid';
}
return $errors;
}
Next, I validate the text fields. If there are any errors in either of these functions, I display them in the same script. Otherwise, I put all values into the session and do a header(location: ) to the preview script which just shows all the info. Finally, I add all the text fields to the database, and finish the upload with the following functions, whihc gives me the problem:
function upload_file($new_filename,
$errors = array();
$filedir = '/home/sites/www.mysite.com/questions/';
print $userfile . '<br>';
$userfile_name = $new_filename;
$upfile = $filedir . $userfile_name;
if(is_uploaded_file($userf
if(!move_uploaded_file($us
print 'Could not move file to destination directory';
//return $errors;
}
}
else{
print 'Possible file upload attack. Filename: '.$userfile_name;
}
}
where userfile is just the value of $_FILES['userfile']['tmp_n
Did you include this in your form tag?
enctype="multipart/form-da
Without it, files won't upload.
enctype="multipart/form-da
Without it, files won't upload.
you should work directly on the supplied system array $_FILES
there's no value in passing it around like you're showing
if this script is happening in another file than the script that uploaded, then the temp file may be deleted since it is a temp file.
there's no value in passing it around like you're showing
if this script is happening in another file than the script that uploaded, then the temp file may be deleted since it is a temp file.
ASKER
i do have permission to upload to the folder, and i included the enctype.
it is happening in another file that the script that uploaded. the only reason i did it this way was so that i could validate both the text fields and the file at the same time.
it is happening in another file that the script that uploaded. the only reason i did it this way was so that i could validate both the text fields and the file at the same time.
The file is deleted when you move to a new page before handling it.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
check the following link for more help.
http://www.netspade.com/articles/php/uploading.xml
hope this helps.