Page 1 of 1

PHP & file uploads on a linux server

Posted: Sun Jul 11, 2004 6:05 pm
by nigma
Have any of you ever seen a file upload done like this:

Code: Select all

$fileToUpload = $_POST['filetoupload'];
// perform necessary checks on $fileToUpload then:
system("mv $fileToUpload /path/to/new/location/of/file");
Because you are using the unix/linux system command mv you would of course need to be on a unix/linux type system that has mv.

I'm hoping some of the people who read this post could fill me in on some of the ups and downs of doing things this way?

Posted: Sun Jul 11, 2004 7:05 pm
by ol4pr0
i believe you would need to use exec instead. And apache should have control over those directories if i am not mistaken. you will have to chown them

Posted: Sun Jul 11, 2004 7:28 pm
by markl999
You could only send a file name/path etc in a POST form. You wouldn't actually be uploading anything. So using that POST method you'de have to have a file already on the server named the same as the one they enter in the form, and you'de only end up moving that :o

Posted: Sun Jul 11, 2004 10:32 pm
by nigma
to address ol4pr0: it was exec, I edited the post, thanks for pointing that out.

But, mark, i'll check over the code i'm asking about tomorrow and find out what I misread / left out of my original post to make.

One thing that this guy mentioned when trying to explain why this works to me is that some kind of temporary file is created when they submit the form and then he just relocates that temp file to a permanent directory ?

I'll talk to him next time I see him and post the outcome of our conversation, thanks for checking the post out.

Posted: Sun Jul 11, 2004 10:50 pm
by feyd
it'd be something more like:

Code: Select all

<?php

$moveThis = $_FILES['file']['tmp_name'];
$toHere = '/path/to/new/location/' . $_FILES['file']['name'];

`mv $moveThis $toHere`;

?>
however, there's a good chance, system calls (exec, shell_exec, system) could be disabled on the server.. in which case using [php_man]move_uploaded_file[/php_man] is an easier solution..

Posted: Mon Jul 12, 2004 9:50 am
by nigma
Yea feyd, I had things mixed up.

But anyway, now that we have an example that illustrates the technique, anyone want to post some of the ups and downs of doing things this way?