Page 1 of 1

Upload file - how to detect wrong input

Posted: Wed Jul 01, 2009 12:22 pm
by bryansu
Hi,

I am working uploading feature with php and come to my mind of wondering what if user choose to input something like below

C:\php\extras\

And when click submit to next page, you will see the error message below. So the question is how to solve this kind of issue from happening. My idea is to use javascript to detect the value..but i am looking on other alternative.

Warning: move_uploaded_file(image_upload/extras") [function.move-uploaded-file]: failed to open stream: Invalid argument in D:\10 Document\Personal\www\www_04\t4.php on line 7

Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move 'C:\WINDOWS\Temp\php36.tmp' to 'image_upload/extras"' in D:\10 Document\Personal\www\www_04\t4.php on line 7
array(5) { ["name"]=> string(7) "extras"" ["type"]=> string(24) "application/octet-stream" ["tmp_name"]=> string(25) "C:\WINDOWS\Temp\php36.tmp" ["error"]=> int(0) ["size"]=> int(0) }

Re: Upload file - how to detect wrong input

Posted: Wed Jul 01, 2009 1:26 pm
by requinix
JavaScript? Lord no.

Don't know what you did but the destination name has a quotation mark in it. That's not valid on Windows so you can't copy it using that name.
So how did you upload something called extras"?

Re: Upload file - how to detect wrong input

Posted: Wed Jul 01, 2009 2:44 pm
by BornForCode
You cannot use the JavaScript to detect input.

There are two ways to verify the upload, one to check it's extension which is not hack proof, the other one (the safe way) is to read file header, for example:

To identify gif:

Code: Select all

Byte    1   2   3
Hex 47  49  46
Char    G   I   F
To identify jpeg:

Code: Select all

Byte    1   2   3   4   5   6   7   8   9   10  11
Hex FF  D8  FF  E0  Skip    Skip    4A  46  49  46  00
Char    ÿ  Ø  ÿ  à  Skip    Skip    J   F   I   F   

Re: Upload file - how to detect wrong input

Posted: Wed Jul 01, 2009 8:23 pm
by bryansu
I dont have any idea why there is quatation mark there. But one thing for sure is that the entries value is causing it hair-wired...
Either i write a new script to detect the input or is a bugs on my programming. i tried to input a valid path to a filename and it works. My script are very straight forward. See below.

Page 1

<form name="form_name" method="post" action="t4.php" enctype="multipart/form-data">
<input name="fld_pic" size="50" type="file">
<br><input name="Submit1" type="submit" value="submit">
</form>

Page 2

$upload_file = $_FILES['fld_pic']["tmp_name"];
$dest_file = $_FILES['fld_pic']["name"];
$ok = move_uploaded_file($upload_file,'image_upload/'.$dest_file);
var_dump ($_FILES['fld_pic']);