Page 1 of 1

file upload....

Posted: Fri Jun 28, 2002 10:26 am
by fdost
Hi I have a form that uploads a file from client machine. on php i can't get name, size or type of file. I can't copy the file either. i get this error when coping the file...
"Warning: Unable to open '' for reading: Permission denied in d:\program files\apache group\apache\htdocs\php_test\upload.php on line 21"

i tried both using form's input name and getting the form's input name from HTTP_POST_VARS but none of them work. i also tried it with and without <INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="1000">
could something be wrong in my server setup????
I am using Apache server. here is my code.....

Thank you for your help....

....fileupload.html.....
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><title>Untitled</title></head><body>

<form action="upload.php" method="post" enctype="multipart/form-data">

<input type="file" name="userfile">
<input type="submit">

</form></body></html>

...upload.php.....
<?php
//get userfile name using form's input name
echo "<BR><h3>Using form input name(userfile)</h3><hr>";
echo "file name: $userfile <br>";
echo "orignal name: $userfile_name<br>";
echo "file size: $userfile_size<br>";
echo "file type: $userfile_type<br>";

//get userfile name from $HTTP_POST_VARS.
$key = 'userfile';
$file = $HTTP_POST_VARS[$key];

echo "<BR><H3>Using HTTP_POST_VARS</h3><hr>";
echo "file name: $file <br>";
echo "orignal name: $file_name<br>";
echo "file size: $file_size<br>";
echo "file type: $file_type<br>";

$destination=".\\images";
$source_file=stripslashes($file_name);
if(copy($file,$destination."\\".$source_file))
echo "file copied<br>";
else
echo "failed to copy file<br>";

?>

Posted: Fri Jun 28, 2002 11:01 am
by fdost
ok i got the solution....
here is what i used
'Template_Source' is my input field name

$fname = $HTTP_POST_FILES['Template_Source']['name'];
echo "file name: $fname<br>";

$ftype = $HTTP_POST_FILES['Template_Source']['type'];
echo "file type: $ftype<br>";

$fsize = $HTTP_POST_FILES['Template_Source']['size'];
echo "file size: $fsize<br>";

$tempname = $HTTP_POST_FILES['Template_Source']['tmp_name'];
echo "tempname: $tempname<br>";

if (is_uploaded_file($HTTP_POST_FILES['Template_Source']['tmp_name'])) {
copy($HTTP_POST_FILES['Template_Source']['tmp_name'], "templates\\$fname");
} else {
echo "Possible file upload attack. Filename: " . $HTTP_POST_FILES['Template_Source']['name'];
}