Having a problem with an upload script.

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
WizyWyg
Forum Commoner
Posts: 92
Joined: Tue Aug 06, 2002 7:20 pm

Having a problem with an upload script.

Post by WizyWyg »

Im experiencing a problem with uploading though, it works fine on my PC (win2k, apache, php4 mysql 3.23)but uploaded to a
Linux/apacghe/PHP4/MySQL 3.23 environment results in this:

Warning: Rename failed (Invalid cross-device link) in /var/www/html/employee/admin_picupload.php on line 26

Warning: Cannot add header information - headers already sent by (output started at /var/www/html/employee/admin_picupload.php:26) in /var/www/html/employee/admin_picupload.php on line 34


Form for upload:

Code: Select all

<form enctype="multipart/form-data" action="admin_picupload.php" method=POST>
Change Image? 
<input name="myfile" type="file">
<input type="hidden" name="emp_id" value="1">
<input type="submit" value="Attach File" name="submit2">
</form>
Upload php script:

Code: Select all

<?
//-------------------------------
// admin_employeespicupload CustomIncludes begin


include ("./header.php");
include ("./footer.php");

// admin_employeespicupload CustomIncludes end
//-------------------------------

session_start();
//===============================
// admin_employeespicupload PageSecurity begin
check_security(3);
// admin_employeespicupload PageSecurity end
//===============================

function get_param($param_name)
{
  global $HTTP_POST_VARS;
  global $HTTP_GET_VARS;

  $param_value = "";
  if(isset($HTTP_POST_VARS[$param_name]))
    $param_value = $HTTP_POST_VARS[$param_name];
  else if(isset($HTTP_GET_VARS[$param_name]))
    $param_value = $HTTP_GET_VARS[$param_name];

  return $param_value;
}


//The file to be uploaded
$tmpfile = "images/emps/".$myfile_name;

if (!file_exists($tmpfile)) {
rename($myfile,$tmpfile);
} else {
unlink($tmpfile);
rename($myfile,$tmpfile);
}

//Update the database table for the new record
$uSQL = "update emps set picture='$myfile_name' where emp_id=".get_param("emp_id");  
$db->query($uSQL);

// Redirect the user to the admin_employees.php page
header("Location: admin_employees.php");
?>
Any ideas on why it would work fine on a Win2k environment but not on apache, and I have all the folders on the servers are chmod to 777 (images folder)
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

source and target have to be on the same device for rename.
e.g.
  • /tmp -> hda0
    /www -> hdc0
you might rename /www/dir1/myfile to /www/dir2/myfile_othername but you cannot rename /tmp/08ergfdhbrn78g.tmp to /www/upload/afile
But IIRC move_uploaded_file() can do it.
WizyWyg
Forum Commoner
Posts: 92
Joined: Tue Aug 06, 2002 7:20 pm

Post by WizyWyg »

volka,


looked into it and came up with this:

Code: Select all

<?
//-------------------------------
// admin_employeespicupload CustomIncludes begin

include ("./header.php");
include ("./footer.php");

// admin_employeespicupload CustomIncludes end
//-------------------------------

session_start();
//===============================
// admin_employeespicupload PageSecurity begin
check_security(3);
// admin_employeespicupload PageSecurity end
//===============================

function get_param($param_name) 
{ 
  global $HTTP_POST_VARS; 
  global $HTTP_GET_VARS; 

  $param_value = ""; 
  if(isset($HTTP_POST_VARS[$param_name])) 
    $param_value = $HTTP_POST_VARS[$param_name]; 
  else if(isset($HTTP_GET_VARS[$param_name])) 
    $param_value = $HTTP_GET_VARS[$param_name]; 

  return $param_value; 
} 


//The file to be uploaded
$tmpfile = "images/emps/".$myfile_name;


if(!file_exists($tmpfile)) {
move_uploaded_file($_FILES['myfile']['tmp_name'],  $tmp_name);
} else { 
unlink($tmpfile);
move_uploaded_file($_FILES['myfile']['tmp_name'],  $tmp_name);
}


//Update the database table for the new record
$uSQL = "update emps set picture='$myfile_name' where emp_id=".get_param("emp_id");
  $db->query($uSQL);

// Redirect the user to the admin_employees.php page
  header("Location: admin_employee.php");
?>
But Im getting an error when trying to "upload":

error:

Warning: Unable to create '': No such file or directory in /var/www/html/employee/admin_picupload.php on line 24

Warning: Unable to move '/tmp/phpObkoFs' to '' in /var/www/html/employee/admin_picupload.php on line 24

Warning: Cannot add header information - headers already sent by (output started at /var/www/html/employee/admin_picupload.php:24) in /var/www/html/employee/admin_picupload.php on line 36
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

$myfile_name
since you're using PHP4 and $_FILES['myfile']['tmp_name'] I assume you have to code for register_globals=Off ?
Then it's $_FILES['myfile']['name'] instead of $myfile_name
WizyWyg
Forum Commoner
Posts: 92
Joined: Tue Aug 06, 2002 7:20 pm

Post by WizyWyg »

register globals are on.
php 4.1.2

And still getting errors.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

your variables are a bit strange. I'm not sure about the connection between $tmpfile, $myfile_name, $_FILES['myfile']['tmp_name'] and $tmp_name.
take a closer look at the examples at http://www.php.net/manual/en/features.file-upload.php
WizyWyg
Forum Commoner
Posts: 92
Joined: Tue Aug 06, 2002 7:20 pm

Post by WizyWyg »

My form:

Code: Select all

&lt;FORM ENCTYPE="multipart/form-data" ACTION="admin_picupload.php" METHOD=POST&gt;
Change Image? &lt;input type="hidden" name="MAX_FILE_SIZE" value="3000000000"&gt;&lt;INPUT NAME="myfile" TYPE="file"&gt;
&lt;INPUT TYPE="hidden" NAME="emp_id" VALUE="&#123;emp_id&#125;"&gt;
&lt;INPUT TYPE="submit" VALUE="Upload File"&gt;
&lt;/FORM&gt;
input name = myfile (which is where $myfile will come from)

Using the example:

Code: Select all

<?php

$uploaddir = '/var/www/html/tmp';

print "<pre>";
if (move_uploaded_file($_FILES['myfile']['tmp_name'], $uploaddir . $_FILES['myfile']['name'])) {
    print "File is valid, and was successfully uploaded.  Here's some more debugging info:\n";
    print_r($_FILES);
} else {
    print "Possible file upload attack!  Here's some debugging info:\n";
    print_r($_FILES);
}

?>
I can successifully upload the file to that folder.
is there a way to change it so that I can execute an SQL Update to the DB and then redirect to a given page after upload?
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Code: Select all

if (move_uploaded_file($_FILES['myfile']['tmp_name'], $uploaddir . $_FILES['myfile']['name'])) {
    /** this will get executed if the upload was successful
        probably you want your db-code here */
}
else
 ...
Post Reply