PHP Move_Uploaded_File problem

[SteeringFaith]

Hi,

I am trying to allow users on my website to upload a file. The file will be stored permanently in a directory labelled upload and then the file will be saved on a mysql database. The problem starts with saving the file permanently. The file does not show up in the directory i've labelled. Can you check my code out because I have looked up solutions for a while and I am kinda stuck?

Thanks, Eric

PHP Code:

<?php
//require('../usr/local/pem/vhosts/xxxx/webspace/httpdocs/');

//ini_set('include_path', '/usr/local/pem/vhosts/xxxx/webspace/httpdocs/upload/'); 
      
//ini_set('include_path', '/usr/libexec/php5-cgi/share/pear/:/usr/libexec/php4-cgi/share/pear/:/usr/local/pem/vhosts/xxxx/upload');     
      
//include(dirname($_SERVER['DOCUMENT_ROOT']) . DIRECTORY_SEPARATOR . 'upload');      

//include('upload');

//require('/usr/libexec/php5-cgi/share/pear/:/usr/libexec/php4-cgi/share/pear/:/usr/local/pem/vhosts/xxxx/upload');
  
// $root = $_SERVER['DOCUMENT_ROOT'];
//include($root."/usr/local/pem/vhosts/xxxx/upload/");  
//       
// ini_set('include_path', $root . "/upload");     

//echo $root; 
echo "<br />";    
      
$TheGrade = $_POST['grade'];
            
$Server="xxxx";
$User="xxxx";
$Password="xxxx";
$Database="xxxx";

$name = $_FILES['uploadedfile']['name'];
$type = $_FILES['uploadedfile']['type'];
$size = $_FILES['uploadedfile']['size'];
$file = $_FILES['uploadedfile']['tmp_name'];    
      
$content = "/usr/local/pem/vhosts/xxxx/webspace/httpdocs/upload/". basename($_FILES['uploadedfile']['name']);      

echo $content;    
    
    function savedata(){    
        
global $_FILES, $_POST, $content;        

if($TheGrade==IB2){

$gradetable="IB2FILES";
    
} elseif($TheGrade==IB1){

$gradetable="IB1FILES";
    
} elseif($TheGrade==FY){

$gradetable="FYFILES";
    
} elseif($TheGrade==Y2){

$gradetable="Y2FILES";
    
} elseif($TheGrade==Y1){

$gradetable="Y1FILES";
    
} else {
    
    echo "Connection error: No grade submission";
    $gradetable=null;
    echo $gradetable;
    
}


$connection = mysql_connect($Server, $User, $Password);
if(!$connection){
    die("Couldn't Connect" . mysql_error());
}

$size = "'" . $size . "'";
$type = "'" . $type . "'";    
$name = "'" . $name . "'";    
$content = "'" . $content . "'";    

mysql_select_db($Database, $connection);

if(!get_magic_quotes_gpc()){ 
$content = addslashes($content); 
} 

// open up the file and extract the data/content from it 
// $extract = fopen($file, 'r'); 
// $content = fread($extract, $size); 
// $content = addslashes($content); 
// fclose($extract);  

//'upload_tmp_dir'

$query = "INSERT INTO " . $gradetable . " (name,type,size,file) VALUES (" . $content . "," . $type . "," . $size . "," . $file . ")";

$table = mysql_query($query,$connection);
if (!$table)
{
    die("SQL Error! Query is $query<br />Error is ".mysql_error());
}   

}





//if (isset($_POST['submitb'])) {

if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/png")
|| ($_FILES["file"]["type"] == "application/msword")
|| ($_FILES["file"]["type"] == "application/pdf")
|| ($_FILES["file"]["type"] == "text/plain")
|| ($_FILES["file"]["type"] == "image/pjpeg")))

  {
      
    if($_FILES["file"]["size"] < 66000000){
        
        // if(!is_dir("uploads")){
            // mkdir("uploads");
//                         
        // }
        
    
if(move_uploaded_file($file,$content)){
    
    
    savedata();
    //headers
    
}else{
    //we failed instead of moving, copying
    if(copy($file,$content)){
        //we have success!
        savedata();
        
        //headers

    }else{
        //we totally failed... so lets tell them.
        echo 'You totally failed. click <a href="index.php">here</a> to go back and try again.';
    }
}    
    


    } else {
        
        echo "File size is too large.";
        
    }

} else {
                   
           $fte = "'" . "filelist.html" . "'" . "," . "'" . "File type not accepted. Please review the page below." . "'";    
        
      echo "<script type=text/javascript>
            window.open(" . $fte . ")
            </script>";    
       
  }

echo "File Uploaded!";
    
?>

[SteeringFaith]

Any help would be appreciated

[kbduvall]

The first thing I notice is in your savedata() function you are trying to access some global variables that aren't declared as global:

PHP Code:

$size = "'" . $size . "'";
$type = "'" . $type . "'";    
$name = "'" . $name . "'";    
$content = "'" . $content . "'"; 


Either add those to the global declaration, or access them in your function VIA the $_FILES array.

[SteeringFaith]

Thanks, will do.

[DrDOS]

I don't see chmod anywhere in your script. Usually you have to chmod upload files and folders. I would recommend against uploading to a common folder, too much chance of collisions. A good way is to make a large separate folder just for the images, and have individual folders for each user inside it.