Page 1 of 1
Anotehr File upload problems w/ htp-post_files
Posted: Wed Feb 12, 2003 1:57 pm
by PingLeeQuan
Hi... I am having trouble getting File Upload to work. I searched the form and I found a post that is EXACTLY the same as mine (by jim) but there were not replies to it. When I run this script, I always come up blank... I am running it as a test script before I dive into the main upload class.
And my $HTTP_POST_FILES is always blank... Any suggestions? Thanks lots
Please help
the whole code follows
Code: Select all
<? if (isset($HTTP_POST_VARSї'submitted'])) {
if (is_uploaded_file($HTTP_POST_FILESї’userfile’]ї’tmp_name’])) {
copy($HTTP_POST_FILESї’userfile’]ї’tmp_name’], "/html/webuser/docs");
} else {
echo "error uploading Filename: " . $HTTP_POST_FILESї’userfile’]ї’name’];
}
}
?>
<form enctype="multipart/form-data" action="<?PHP $PHP_SELF ?>" method="post">
<input type="hidden" name="submitted" value="true">
Upload this file:<br>
<input name="userfile" type="file"><br>
<input type="hidden" name="MAX_FILE_SIZE" value="10000">
<br><br>
<input type="submit" value="Send File">
</form>
<hr>
</body>
</html>
Posted: Wed Feb 12, 2003 2:34 pm
by daven
A) anything in HTTP_POST_FILES should use a single quote to name things (ex: $HTTP_POST_FILES['userfile']['tmp_name']). I am unsure if the character you have is a single quote or not (it does not look like it from this end).
B) <input type="hidden" name="MAX_FILE_SIZE" value="10000"> should go before <input type="file">
C) copy() needs the full path to the copy location
Code: Select all
<?php copy($_FILES['userfile']['tmp_name'], "/full/path/to/where/you/want/file/including/filename.ext"); ?>
D) Any particular reason you are using HTTP_POST_FILES rather than $_FILES[]?
Also, try putting checks to see how far you get (for debugging purposes)
Code: Select all
<?php
if (isset($HTTP_POST_VARS['submitted'])) {
echo "Submittted";
if (is_uploaded_file($HTTP_POST_FILES[’userfile’][’tmp_name’])) {
echo "File uploaded";
copy($HTTP_POST_FILES[’userfile’][’tmp_name’], "/html/webuser/docs");
} else {
echo "error uploading Filename: " . $HTTP_POST_FILES[’userfile’][’name’];
}
}
?>
Posted: Wed Feb 12, 2003 2:48 pm
by PingLeeQuan
Thanks Daven for replying... to address the questions
a) Yes, i am using single quotes
b) i also put the max file size before the <input filexxxxxx> and it is still does not work (i do not think that this would matter... but i might be wrong)
c)I provided the full path and still same thing
d) i am using PHP 4.0.1
I always come up empty whenever i try to do the following
Code: Select all
echo '---'.$HTTP_POST_FILESї’userfile’]ї’tmp_name’];
which displayes my error message
I also chmod all directories to 777 (for testing purposes)....
Thanks again
Posted: Wed Feb 12, 2003 3:07 pm
by daven
hmmm.....
So it seems like you are not getting past the is_uploaded_file part. Try the following changes:
Code: Select all
<?php
# use $HTTP_POST_FILES['userfile']['name'] rather than $HTTP_POST_FILES['userfile']['tmp_name']
if(is_uploaded_file($HTTP_POST_FILES['userfile']['name'])
?>
Code: Select all
<?php
# yet again, the filename should be from $HTTP_POST_FILES['userfile']['name']
$file_name=$HTTP_POST_FILES['userfile']['name'];
$file_path="/full/path/to/dir/".$file_name;
copy($HTTP_POST_FILES['userfile']['tmp_name'], $file_path);
?>
Let me know if this does not work.
Posted: Wed Feb 12, 2003 3:07 pm
by volka
$HTTP_POST_FILES[’userfile’][’name’];
use ' instead of ’
what does
Code: Select all
echo '<pre>'; print_r($HTTP_POST_FILES); echo '</pre>';
show?
maybe you should increase the error-reporting level and enable display_errors as long as you're developing your scripts.
Code: Select all
<?php error_reporting(E_ALL); ini_set('display_errors', TRUE); ?>
... remaining script ...
Posted: Wed Feb 12, 2003 3:25 pm
by PingLeeQuan
I tried the script that you provided and it works very well. THANK YOU SOOOOOOOOO MUCH.
My question remains however, why it that HTTP_POST_FILES is not working and it always returns empty.
This is the 2nd thing in PHP (So Far) that i have to work around. The first one was with session_start and HTTP_SESSION_xxxx not working and i had to do a work around.
May be I am not understanding this right or maybe PHP is temperamental.
I just hate to keep working around functions that PHP docs say it works.
At any rate, Thanks a lot for your help... I will go with your solution and may be i can convince the Sys. Admin. to upgrade to the new PHP
--quan
Posted: Wed Feb 12, 2003 4:24 pm
by daven
If I am reading everything correctly, your problem came from using HTTP_POST_FILES['userfile']['tmp_name']. The tmp_name attribute only works as an internal reference for PHP. You have to use the ['name'] attribute when you are calling the file. It is not a bug in PHP, that is the way it is supposed to work. However, it took me a while to learn that when I began playing with file uploads.
Do beat your SysAdmin until he upgrades your PHP. It is worth it. *grin*
Posted: Thu Feb 13, 2003 7:30 am
by PingLeeQuan
i agree with you Daven... When I started encountering those problems, I started doing "process of elimination" and started to try everything and anything.
The whole thing stems from the fact that i cannot get HTTP_POST_VARS to recognize the file name and it keep giving me a "none" for the file name.
I.E. Look at the following code that outputs the result which is after it: (I turned all errors and warnings to on)
Code: Select all
if (isset($HTTP_POST_VARSї'submitted'])) {
echo '<br>-0--'.$HTTP_POST_FILESї$userfile]ї'name'];
echo '<br>-1--'.$HTTP_POST_FILESї$userfile]ї'tmp_name'];
echo '<br>-2--'.$HTTP_POST_FILESї$userfile]ї'error'];
echo '<br>-3--'.$HTTP_POST_FILESї$userfile];
echo '<br>-0a--'.$HTTP_POST_FILESї'userfile']ї'name'];
echo '<br>-1a--'.$HTTP_POST_FILESї'userfile']ї'tmp_name'];
$input_array = $HTTP_POST_FILESї'userfile'];
print_r('<br>-2a--'.array_keys($input_array));
echo '<br>-3a--'.$HTTP_POST_FILESї'userfile'];
if (is_uploaded_file($HTTP_POST_FILESї$userfile]ї'name']) ) {
copy($HTTP_POST_FILESї$userfile]ї'name'], "/home/www/html/rfp/docs");
} else {
echo "Possible file upload attack. Filename: " . $HTTP_POST_FILESї'userfile']ї'name'];
echo "\n http_post_files: " . $HTTP_POST_FILESї$userfile]ї'tmp_name'];
}
}
?>
<form enctype="multipart/form-data" action="<?PHP $PHP_SELF ?>" method="post">
<input type="hidden" name="submitted" value="true">
Upload this file:<br>
<input type="hidden" name="MAX_FILE_SIZE" value="10000">
<input name="userfile" type="file"><br>
<input type="submit" value="Send File">
</form>
the output is
Code: Select all
Warning: Undefined index: none in /home/www/html/admin/test_fileupload.php on line 13
-0--
Warning: Undefined index: none in /home/www/html/admin/test_fileupload.php on line 14
-1--
Warning: Undefined index: none in /home/www/html/admin/test_fileupload.php on line 15
-2--
Warning: Undefined index: none in /home/www/html/admin/test_fileupload.php on line 16
-3--
-0a--
-1a--none
-2a--Array
-3a--Array
Warning: Undefined index: none in /home/www/html/admin/test_fileupload.php on line 23
Possible file upload attack. Filename:
Warning: Undefined index: none in /home/www/html/admin/test_fileupload.php on line 27
http_post_files:
As you can see, I keep coming up with file name of none. I was able to get it to tell me that the file name is an array. But that’s as far as I was able to take it.
Posted: Thu Feb 13, 2003 7:34 am
by twigletmac
Have you tried using this code that volka posted:
Code: Select all
echo '<pre>'; print_r($HTTP_POST_FILES); echo '</pre>';
it will show you all of the contents of the $HTTP_POST_FILES array.
Mac
Posted: Thu Feb 13, 2003 7:38 am
by PingLeeQuan
Thanks twigletmac... Yes i did and it gave me "none" for file name... this is the result of the print_r
Code: Select all
Array
(
їuserfile] => Array
(
їname] =>
їtype] => application/octet-stream
їtmp_name] => none
їsize] => 0
)
)
Posted: Thu Feb 13, 2003 7:43 am
by twigletmac
It's also showing the size of the file as 0 - the file doesn't seem to be uploading. Have you checked the output of phpinfo:
in case file uploading is turned off (i.e. file_uploads = 0)?
Mac
Posted: Thu Feb 13, 2003 7:48 am
by PingLeeQuan
Yes and the value for file_uploads is 1 for the local value and 1 for the master.
I also have safe_mode turned off, register_globals to ontrack_errors to OFF.
Posted: Thu Feb 13, 2003 10:27 am
by aybra
Code: Select all
<?php
echo '<br>-0--'.$HTTP_POST_FILES[$userfile]['name'];
?>
ok... sorry dumb questin and running on a limited knowledge... but
shouldnt the above code read:
Code: Select all
<?php
echo '<br>-0--',$HTTP_POST_FILES[$userfile]['name'];
?>
using a comma before $HTTP rather than a period??
Posted: Thu Feb 13, 2003 11:07 am
by PingLeeQuan
no... the correct string concatenation is a period.
Posted: Thu Feb 13, 2003 2:47 pm
by daven
The problem is that no file is actually being uploaded (hence the name="" and size=0 attributes). Do you have register_globals on? You mentioned it, but did not say whether it was on or off. For HTTP_POST_FILES, register_globals must be on, or you will get nulls similar to the results you have been experiencing.
Try the following code, as written
Code: Select all
<html>
<body>
<form enctype="multipart/form-data" action="<?PHP echo($PHP_SELF)?>" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="10000">
Upload this file:<br>
<input name="userfile" type="file" size="50"><br>
<br><br>
<input type="submit" value="Send File">
</form>
</body>
</html>
Code: Select all
<?php
if($HTTP_POST_FILES['local_file']['name']!=""){
if(filesize($HTTP_POST_FILES['local_file']['tmp_name'])>0){
$file_Name=$HTTP_POST_FILES['local_file']['name'];
$file_Path="/your/path/".$file_Name;
copy($HTTP_POST_FILES['local_file']['tmp_name'], $file_Path) or die("copy failed");
echo "File Uploaded Successfully";
}else{echo "File size=0. No file";}
}else{echo "no file uploaded";}
?>