...

View Full Version : Upload file Script Doesn't Work



macleodjb
02-23-2008, 06:40 PM
Hi guys, I was hoping you could tell me why this upload file script doesn't work.



<form enctype="multipart/form-data" action="upload-photo.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
Select the photo to upload<br /><br />
<input name="uploadedfile" type="file" /><br /><br />
<input type="submit" value="Upload File" />
</form>



<?php
$target_path = "members/photos/";
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);

if ((($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 100000))
{
if ($_FILES["file"]["error"] > 0){
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
} else {
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
move_uploaded_file($_FILES["file"]["tmp_name"],
"members/photos/" . $_FILES["file"]["name"]);
echo "Stored in: " . "members/photos/" . $_FILES["file"]["name"];
}
} else {
echo "Invalid file";
}
?>


also if i wanted to change the file name how would i do that before the file gets saved?

Fumigator
02-23-2008, 06:44 PM
Look into move_uploaded_file() (http://us2.php.net/manual/en/function.move-uploaded-file.php) and the tutorial on handling file uploads (http://us2.php.net/manual/en/features.file-upload.php) for info on how to get your script working.

I'm not going to bother attempting to debug your code that I a) can't run myself, and b) wasn't given any error information about.

macleodjb
02-23-2008, 06:55 PM
well the problem is that it always goes to the false statement and reads invalid file eventhough the file being uploaded meets all statement checks.

oesxyl
02-23-2008, 07:37 PM
well the problem is that it always goes to the false statement and reads invalid file eventhough the file being uploaded meets all statement checks.

use:



if ($_FILES["file"]["error"] !== UPLOAD_ERR_OK){


instead of:



if ($_FILES["file"]["error"] > 0){


PS: $HTTP_POST_FILES is a replacement for $_FILES


wrong PS.
correct is $_FILES is a replacement for $HTTP_POST_FILES


best regards

macleodjb
02-23-2008, 08:20 PM
I used this directly from php.net, and it still doesn't work. I tried a few different files and none of them work. Could this be a problem with my server?



$uploaddir = '/members/photos';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
echo "File is valid, and was successfully uploaded.\n";
} else {
echo "Possible file upload attack!\n";
}

echo 'Here is some more debugging info:';
print_r($_FILES);

print "</pre>";


What happens is it evaluates saying that this is a possible file upload attack and then below it, it gives all the information for the file i clicked on. All the information is present it just doesn't seem to want to work.

CFMaBiSmAd
02-23-2008, 08:27 PM
I wonder where people keep finding that upload code (in the first post). The ['error'] element is only checked after the ['type'] and ['size'] are checked, but an upload error will prevent the the type and size from having any value, so no true error information will ever be reported. Code must check for errors first before accessing any of the data values.

$HTTP_POST_FILES is depreciated as of php4.1 (was replaced by $_FILES), turned off by default in php5, and eliminated in php6.

The main reason why your code is not working is because the name="..." of your form field does not match the name you are using in your form processing code.

oesxyl
02-23-2008, 08:56 PM
thank you for correction, CFMaBiSmAd

wrong understanding of:



Use $HTTP_POST_FILES instead if using an earlier version


As CFMaBiSmAd said, you have 'uploadedfile' in form


<form enctype="multipart/form-data" action="upload-photo.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
Select the photo to upload<br /><br />
<input name="uploadedfile" type="file" /><br /><br />
<input type="submit" value="Upload File" />
</form>


instead of 'file' must be 'uploadedfile':



if ((($_FILES["uploadedfile"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 100000))


best regards

Inigoesdr
02-23-2008, 09:07 PM
$uploaddir = '/members/photos';
That path is not likely correct because when you preceed the path with a forwardslash like that it starts at the directory root, and you don't have a trailing slash. So, you more than likely want to use:


$uploaddir = './members/photos/';



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum