Why wouldn't this simple php upload script work?

I have a simple script that uploads files:

<form enctype="multipart/form-data" action="uploadrun.php" method="POST">
  <div align="center">
    <p class="style2">Please choose an image to upload to <strong>Custom Pet Sculpture</strong>:</p>
    <p>
      <input name="uploaded" type="file" size="50" />
      <br />
      </p>
    <p>
      <input type="submit" value="Upload This File" />
       </p>
  </div>
</form>

that runs this script...

<?php
$target = "uploads/";
$target = $target . basename( $_FILES['uploaded']['name']) ;
$ok=1;
if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
{
echo "The file [". basename( $_FILES['uploaded']['name']). "] has been uploaded.";
}
else {
echo "Sorry, there was a problem uploading your file.";
}
?>

It just doesn't seem to work.  I've used this script on other sites and it works fine.  It's pretty simple, so I can't for the life of me see why it won't work.  Here's the php info: http://custompetsculpture.com/info.php

Thanks!
Kevin
Kevin SmithAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

john-formbyCommented:
Hi,

I just ran the code locally and it works fine for me.  Do you get an error or does the file just not upload?  Have you checked the uploads folder has the correct permission (CHMOD 777)?  Is the path to the folder correct?

Hope this helps,

John

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
rjdownCommented:
Does PHP have permission to write to your uploads folder? Make sure it has group write permissions (CHMOD 664 I think is best in this case)
rjdownCommented:
Ooh John, don't ever CHMOD anything to 777! :(
Bootstrap 4: Exploring New Features

Learn how to use and navigate the new features included in Bootstrap 4, the most popular HTML, CSS, and JavaScript framework for developing responsive, mobile-first websites.

rjdownCommented:
Regardless of his advice, 777 IS a security risk. No files should ever be set up with public write access, EVER! Think about it - if it wasn't an issue, why have the options in the first place?
Kevin SmithAuthor Commented:
Sweet...it was the permissions.  What's the best way to address the security of 777?  And how would I let them name the file with the above code?
rjdownCommented:
The best way to address 777 is to use 664 instead. You only need to provide a file with enough permissions to allow it to function as intended, anything else is a potential risk and it's simply not worth it.

Furthermore, your upload script in its current state allows people to upload malicious scripts that can and undoubtedly will take control of your server. Be warned - do not use it on a production site without further development!

Letting a user name uploaded files is a whole new issue tbh, and requires validation to reduce the risks of further security concerns. However, as a basic example, you would simply add a new input element

<input type="text" name="filename">

And then instead of

$target = $target . basename( $_FILES['uploaded']['name']) ;

You would use

$target = $target . $_POST['filename'];

Again, do NOT use this example without further development! It leaves your entire system open to compromise!
rjdownCommented:
Further information:

http://www.electrictoolbox.com/disable-php-apache-htaccess/ (disabling the execution of PHP files in a particular directory)

http://php.net/manual/en/function.getimagesize.php (determining if the uploaded file is an image, I'm unsure of your intended list of acceptable file types but may be of some use)
sivagnanam chandrakanthTechnical LeadCommented:
Just change the permissions of the folder before and after uploading
Kevin SmithAuthor Commented:
rjdown...it sues the $_FILES to get the actual file from the uploaded field, should i replace the line or add it in?  Where would I tell it to name the file with what's in the myfilename field?
Kevin SmithAuthor Commented:
Ah, got it to rename.  Thanks!  How would I get it to add the extension back?
Kevin SmithAuthor Commented:
Kevin SmithAuthor Commented:
some points to rj for deeper understanding, bulk of points to john for first answer.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.