multiple file upload
Moderator: General Moderators
multiple file upload
Hi,
I am facing a weird problem.
I am uploading multiple files using a form.
Right now I am trying to upload the following 4
files:
file 1, size = 2686 bytes
file 2, size = 746 bytes
file 3, size = 3516 bytes
file 4, size = 3277 bytes
If I try to upload them in that order the size of file 4 is shown to be 0 bytes on the file server
If I swap file 3 and 4 then I have the same problem of file size being 0 on the file server.
However, if I upload in the order file 1, file 3, file 4, file 2 then everything works fine and all the files show the right size.
As long as I don't upload files 3 and 4 last, the file ize of the last uploaded file is shown to be correct otherwise 0.
Any help would be appreciated.
Thanks
-Nayeem
I am facing a weird problem.
I am uploading multiple files using a form.
Right now I am trying to upload the following 4
files:
file 1, size = 2686 bytes
file 2, size = 746 bytes
file 3, size = 3516 bytes
file 4, size = 3277 bytes
If I try to upload them in that order the size of file 4 is shown to be 0 bytes on the file server
If I swap file 3 and 4 then I have the same problem of file size being 0 on the file server.
However, if I upload in the order file 1, file 3, file 4, file 2 then everything works fine and all the files show the right size.
As long as I don't upload files 3 and 4 last, the file ize of the last uploaded file is shown to be correct otherwise 0.
Any help would be appreciated.
Thanks
-Nayeem
Here is the code:
Code: Select all
<form enctype="multipart/form-data" action="uploadfilesonly.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="2097152"></input>
<table>
<?
$uploadNeed = $_POST['uploadNeed'];
for($x=0;$x<$uploadNeed;$x++){
?>
<tr><td>
<? if($x>0) {?>
file <?echo $x;?>: <input name="uploadFile<? echo $x;?>" type="file" id="uploadFile<? echo $x;?>" size=100></td></tr> <? } // Save the driver class file name.
else {
?> Dr file:<input name="uploadFile<? echo $x;?>" type="file" id="uploadFile<? echo $x;?>" size=100></td></tr> <? } } ?> <tr><td align=right>
<p><input name="uploadNeed" type="hidden" value="<? echo $uploadNeed;?>">
<input type="submit" name="Submit" value="Submit"> </td></tr> </table>
</p> </form>Here is the upload handling code:
Code: Select all
for($x=0; $x<$uploadNeed;$x++)
{
$file_name = $_FILES['uploadFile'.$x]['name'];
// strip file_name of slashes
$file_name = stripslashes($file_name);
$file_name = str_replace("'","",$file_name);
if(!ssh2_scp_send ($ss_connect,$_FILES['uploadFile'.$x]['tmp_name'],'/tmp/'.$file_name,0644))
{
echo "Problem: Could not move $file_name into directory";
exit;
}
echo "$file_name uploaded successfully<br><br>";
}Here are some of the tests that I run. I am just including the if statements:
I also check that the user is logged in.
Thanks
-Nayeem
Code: Select all
1. if($file_name =="")
2. if($_FILES['uploadFile'.$x]['size']==0)
3. if($_FILES['uploadFile'.$x]['type'] != "application/octet-stream")
4. if(!is_uploaded_file($_FILES['uploadFile'.$x]['tmp_name']))Thanks
-Nayeem
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
'type' is supplied by the submitting agent and isn't verified by PHP. It's a bad idea to rely on it. Checking the file's content itself is, unfortunately, the only way to verify the file is acceptable. mime_content_type() and/or getimagesize() may be of interest.nayeemmz wrote:The type check is there because I want to upload only a particular type of files.
It wasn't intended to fix your issue, only help close a gaping security hole in your script.nayeemmz wrote:I understand about the basename() part but I don't think I understand how basename() could possibly solve the problem that I am having, though.