Cannot read full path for image file from user system

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
leon_nerd
Forum Commoner
Posts: 25
Joined: Tue Aug 21, 2007 1:20 pm

Cannot read full path for image file from user system

Post by leon_nerd »

Hello Everyone,

I am facing a problem which I think is simple but somehow I am not able to catch the mistake. I am trying to upload an image file. Now, what I want to do is before I upload the file I want to see if the file really exists on user machine or not. I tried doing:

Code: Select all

 
$imagename=$_FILES['uploadedimage']['name'];
if (file_exists($imagename){
echo "File exists on the user machine";
}
 
Now, the variable $imagename returns only the file name and not the full system path from the user system. I want to get the full file path name. How can I achieve this?

Thanks.
Flamie
Forum Contributor
Posts: 166
Joined: Mon Mar 01, 2004 3:19 pm

Re: Cannot read full path for image file from user system

Post by Flamie »

its not ['name'] but ['tmp_name'].
When a file is uploaded its stored with a temp name, once you have it, you need to use move_uploaded_file() to move it where you want.
leon_nerd
Forum Commoner
Posts: 25
Joined: Tue Aug 21, 2007 1:20 pm

Re: Cannot read full path for image file from user system

Post by leon_nerd »

I don't think this is what I am looking for.

Suppose, my application lets users upload an image file. Now I am using <input type='file'> tag to let the user browse and upload the file. Suppose the user manually types in "D:/existing_dir/existing_subdir/fictitious_image.jpg

Now this fictitious_image.jpg doesn't exists on the user machine. How am I going to validate this path before I start handling the uploading of the file?

Thanks.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Re: Cannot read full path for image file from user system

Post by John Cartwright »

Take a look at Handling Uploads in the manual, which leads you to Error Messages Explained.

Basically, try uploading a fictitious file and examine the contents of $_FILES['fieldname']['error'].
leon_nerd
Forum Commoner
Posts: 25
Joined: Tue Aug 21, 2007 1:20 pm

Re: Cannot read full path for image file from user system

Post by leon_nerd »

I tried it and nothing happens. It right away processes the upload. And when I check the destination directory i see an image file there but it is not readable.
I am using the command copy($_FILES['image']['tmp_name'], $newname); to move the file. It just thinks of the fictitious file as a valid one and creates and image file in the destination folder although unreadable.

Am I doing something wrong here?

Here is the code:

Code: Select all

 
           //reads the name of the file the user submitted for uploading
        $image=$_FILES['image']['name'];
 
        //if it is not empty
        if ($image)
        {
            if (!($_FILES['image']['error'])) {
 
                //get the original name of the file from the clients machine
                $filename = stripslashes($_FILES['image']['name']);
 
                //get the extension of the file in a lower case format
                $extension = getExtension($filename);
                $extension = strtolower($extension);
 
                //if it is not a known extension, we will suppose it is an error and will not  upload the file,
                //otherwise we will do more tests
                if ((($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) || ($extension==""))
                {
                    //print error message
                        //echo '<h1>Unknown extension!</h1>';
                        $errors=1;
                        $error_flag=TRUE;
                }
                    else
                {
                    //get the size of the image in bytes
                     //$_FILES['image']['tmp_name'] is the temporary filename of the file
                     //in which the uploaded file was stored on the server
                     $size=filesize($_FILES['image']['tmp_name']);
                    //compare the size with the maxim size we defined and print error if bigger
                    if ($size > MAX_SIZE*1024)
                    {
                        //echo '<h1>You have exceeded the size limit!</h1>';
                        $errors=2;
                        $error_flag=TRUE;
                    }
                    else
                    {
                               //we will give an unique name, for example the time in unix time format
                        $image_name=time().'.'.$extension;
 
                        //the new name will be containing the full path where will be stored (images folder)
                        $newname="images/players/".$image_name;
 
                        //we verify if the image has been uploaded, and print error instead
                        $copied = copy($_FILES['image']['tmp_name'], $newname);
 
                        if (!$copied)
                        {
                            //echo '<h1>Copy unsuccessfull!</h1>';
                            $errors=3;
                            $error_flag=TRUE;
                        }
                    }
                }
            }
            else{
                $errors=6;
                $error_flag=TRUE;
            }
        }
        else
        {
            //File not found
            $errors=5;
            $error_flag=TRUE;
        }
        //If no errors registred, print the success message
        if(isset($_POST['Submit']) && !$errors)
        {
            require('config.php');
 
            //Create conenction
            $db=mysql_connect($dbhost,$dbuser,$dbpassword);
 
            //Select DB with connection
            mysql_select_db($dbdatabase,$db);
 
            $sql="INSERT INTO players
                    VALUES('','"
                     . $_POST['playername'] ."','"
                     . $_POST['abouttheplayer'] ."','"
                     . $newname . "','0');";
            mysql_query($sql);
        }
    }
 
 
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Re: Cannot read full path for image file from user system

Post by onion2k »

You can't do what you're looking for. It's impossible. You have no access to the user's computer. All you can do is check the uploaded file is an image (try getimagesize() ).
leon_nerd
Forum Commoner
Posts: 25
Joined: Tue Aug 21, 2007 1:20 pm

Re: Cannot read full path for image file from user system

Post by leon_nerd »

Thanks. Problem Solved. :D
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Re: Cannot read full path for image file from user system

Post by John Cartwright »

Code: Select all

if (!($_FILES['image']['error'])) {
should be

Code: Select all

if ($_FILES['image']['error'] == UPLOAD_ERR_OK) {
Considering the value of the constant UPLOAD_ERR_OK is 0, you have a double negative -- which is why you saw files being created that were unreadable (because its a blank nonexistent!).

Like onion pointed out, you don't check for the existence of the file on the user machine.. you simply check if a file was successfully uploaded or not.

p.s. you should be using move_uploaded_file() instead of copy()
Post Reply