Page 1 of 2

Need Help: File Upload

Posted: Tue Jun 24, 2003 7:03 pm
by stonerifik
release_script.php

Code: Select all

<?
 if ($_FILES&#1111;file1] != "") &#123;
	@copy($_FILES&#1111;file1]&#1111;tmp_name], "/htdocs/DPv.3/uploads/".$_FILES&#1111;file1]&#1111;name]) or die("Couldnt Upload File");
&#125;
 else &#123;
	die("No file selected for upload");
&#125;

?>

<HTML>
Upload Successful
</HTML>
that is code i got from this book i bought, changed just some... but yeah i have my form and i have it headed like this

form.php

Code: Select all

<form action=release_script.php method=post encrypt=multipart/form-data>
<input type="file" class="post" name="file1">
</form>
everytime i try to upload a file, it gives the die command "no file selected for upload" ... i dont know why this is happening , so if someone could please help and explain it would be greatly appriciated thanks

Posted: Tue Jun 24, 2003 7:59 pm
by phice
I'm sure it's not that you don't have the folder CHMODed, because it probably would give that error first. But, if you don't, make sure that you do so.

First thing that I would make note of, when using arrays, always put alphanumeric key values in quotes (ie: $_FILES['file1']['tmp_name']). Next, check out the file_upload function.

Form code (form.html):

Code: Select all

&lt;form enctype="multipart/form-data" action="upload.php" method="post"&gt;
&lt;input type="hidden" name="MAX_FILE_SIZE" value="30000"&gt;
Send this file: &lt;input name="userfile" type="file"&gt;
&lt;input type="submit" value="Send File"&gt;
&lt;/form&gt;
PHP code (upload.php):

Code: Select all

<?php

// Set uploaddir variable
$uploaddir = '/var/www/uploads/';

print "<pre>";
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $_FILES['userfile']['name'])) {
    print "File is valid, and was successfully uploaded.  Here's some more debugging info:\n";
    print_r($_FILES);
} else {
    print "Possible file upload attack!  Here's some debugging info:\n";
    print_r($_FILES);
}
echo "</pre>";
?>
Try the code above and check back with us if this works or not.

Posted: Tue Jun 24, 2003 9:17 pm
by stonerifik
Possible file upload attack! Here's some debugging info:
Array
(
)
that is what it said when i tried uploading a 5 KB .jpg file... any help?

Posted: Tue Jun 24, 2003 9:30 pm
by DuFF

Code: Select all

<?php
// In PHP earlier then 4.1.0, $HTTP_POST_FILES should be used instead of $_FILES.
// In PHP earlier then 4.0.3, use copy() and is_uploaded_file() instead of move_uploaded_file
?>
That was a part that phice left off when he gave you that example from PHP.net. Make sure that you have the most updated PHP. If you cant update, try using copy() and $HTTP_POST_FILES.

Posted: Tue Jun 24, 2003 9:44 pm
by stonerifik
my server is running PHP 4.3.1 ... so yeah... would i need to change the source for this version as well?

Posted: Wed Jun 25, 2003 8:24 am
by DuFF
If you want you can update to 4.3.2 but that should not be the problem.
I have also just recently made an upload form using POST but I used copy instead of move_uploaded_file.

First of all, I noticed some errors in form.php. Here is a corrected version.

Code: Select all

&lt;form action=release_script.php method=post enctype=multipart/form-data&gt; 
&lt;input type="file" name="file1"&gt;
&lt;input type="submit" value="Submit"&gt; 
&lt;/form&gt;
Then try using this as release_script.php:

Code: Select all

<?php
$uploaddir = "/htdocs/DPv.3/uploads/";
if ($_FILES[file1] != "") { 
   copy($_FILES[file1][tmp_name], $uploaddir .$_FILES[file1][name]) or die("Couldnt Upload File"); 
} 
else { 
   die("No file selected for upload"); 
} 

?>
 

<HTML> 
Upload Successful 
</HTML>

Posted: Wed Jun 25, 2003 7:32 pm
by stonerifik
Warning: copy(/htdocs/DPv.3/uploads/1.jpg) [function.copy]: failed to create stream: No such file or directory in c:\program files\apache group\apache\htdocs\members\release_script.php on line 4
Couldnt Upload File

that is the error in which i have gotten... well not really and error, more of a warning, but its still not uploading the file... any suggestions?

Posted: Thu Jun 26, 2003 12:01 am
by DuFF
Do you actually have a folder named "/htdocs/DPv.3/uploads/" on your server? Try changing the upload directory to

Code: Select all

$_SERVER&#1111;'DOCUMENT_ROOT']
That should upload the file to the root of the server.

Posted: Thu Jun 26, 2003 12:29 am
by stonerifik
wow, it works thank you!!
another question though... i dont want to upload it to the root director... but i want to upload it to /uploads/ how would i get that to work?

Posted: Thu Jun 26, 2003 2:47 am
by []InTeR[]
You can change

Code: Select all

$uploaddir = "/htdocs/DPv.3/uploads/";
to

Code: Select all

$uploaddir = $_SERVER['DOCUMENT_ROOT']."/uploads/";
Mind the . before the path.
The dir must be writeable for the script, maybe you have to change the user rigths (chmod).

Posted: Thu Jun 26, 2003 3:26 am
by stonerifik
thank you very much! it works great!... u people are great...

i got another question though

Code: Select all

$uploaddir = $_SERVER&#1111;'DOCUMENT_ROOT']."/uploads/";
how would i change that so if i had someone (from the form) have a drop down menu with options

Programs 1
Programs 2
Programs 3

and the form name is programs... would i have the thing like

Code: Select all

$uploaddir = $_SERVER&#1111;'DOCUMENT_ROOT']."/uploads/$_POST&#1111;'programs']";
is that how i would do it ? im not sure, i would try it but i have to go to sleep now... if someone could give me some guidance or some comfirmation that would be greatly appriciated. thank you!!! thanks all for replys!

Posted: Thu Jun 26, 2003 3:47 am
by stonerifik
haha, i decided to stay up and see if i could make that code work so it would upload into the certain director.. and i did it!

Code: Select all

$uploaddir = $_SERVER&#1111;'DOCUMENT_ROOT']."/uploads/".$_POST&#1111;'directory']."/";
thats how i did it, and it works, if there is a better way would u please post it? (the directory that is selected from the list has to already be created before uploading file or gets an error)

also if you could maybe give an example of how to check for file type (eg. .zip / .ZIP ) i would be grateful thanks you

Posted: Thu Jun 26, 2003 9:32 am
by DuFF
Because a .zip/.ZIP is not a known mime type, you can probably use explode() and then compare the file extension.

Code: Select all

<?
$uploadext1=".zip"
$uploadext2=".ZIP"
list($filename,$extension) = explode(".",$_FILES[file1][name]);
if($extension==$uploadext1 || $extension==$uploadext2)
{
//Upload code here . . .
}
else
{
die( "File is not the correct format, only .zip is allowed.");
}
?>
I think that should work. Check out this guide for more about file uploads.

Posted: Thu Jun 26, 2003 1:54 pm
by stonerifik

Code: Select all

<?
$uploaddir = $_SERVER&#1111;'DOCUMENT_ROOT']."/uploads/".$_POST&#1111;'directory']."/";
$uploadext1=".zip" 
$uploadext2=".ZIP" 
list($filename,$extension) = explode(".",$_FILES&#1111;file1]&#1111;name]); 
if($extension==$uploadext1 || $extension==$uploadext2) 
&#123; 
 if ($_FILES&#1111;file1] != "") &#123; 
  copy($_FILES&#1111;file1]&#1111;tmp_name], $uploaddir .$_FILES&#1111;file1]&#1111;name]) or die("Couldnt Upload File"); 
  &#125; 
 else &#123; 
  die("No file selected for upload"); 
  &#125;  
&#125; 
 else &#123; 
  die( "File is not the correct format, only .zip is allowed."); 
&#125; 
?> 




<HTML> 
Upload Successful 
</HTML>
that is the code i used ( with ur extention check )
and i get this error
Parse error: parse error, unexpected T_VARIABLE in c:\program files\apache group\apache\htdocs\members\release_script.php on line 4
im sorry i keep asking so many questions, im just trying to get to understand better... anyways could u help?

Posted: Thu Jun 26, 2003 8:42 pm
by stonerifik
ooops i added the ';' at the end of the variables and the script works without the error now... only problem now is that even if i upload the .ZIP file it still says wrong extention... any help ?

thanks