Anotehr File upload problems w/ htp-post_files

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
PingLeeQuan
Forum Commoner
Posts: 58
Joined: Tue Sep 03, 2002 8:08 am

Anotehr File upload problems w/ htp-post_files

Post by PingLeeQuan »

Hi... I am having trouble getting File Upload to work. I searched the form and I found a post that is EXACTLY the same as mine (by jim) but there were not replies to it. When I run this script, I always come up blank... I am running it as a test script before I dive into the main upload class.
And my $HTTP_POST_FILES is always blank... Any suggestions? Thanks lots

Please help
the whole code follows

Code: Select all

<? if (isset($HTTP_POST_VARS&#1111;'submitted'])) &#123;
	if (is_uploaded_file($HTTP_POST_FILES&#1111;’userfile’]&#1111;’tmp_name’])) &#123;
		copy($HTTP_POST_FILES&#1111;’userfile’]&#1111;’tmp_name’], "/html/webuser/docs");
	&#125; else &#123;
		echo "error uploading Filename: " . $HTTP_POST_FILES&#1111;’userfile’]&#1111;’name’];
		&#125;
&#125;
?>

<form enctype="multipart/form-data" action="<?PHP $PHP_SELF ?>" method="post">
	<input type="hidden" name="submitted" value="true">
		Upload this file:<br>
		<input name="userfile" type="file"><br>
		<input type="hidden" name="MAX_FILE_SIZE" value="10000"> 
		<br><br>
		<input type="submit" value="Send File">
	</form>
	<hr>
</body>
</html>
User avatar
daven
Forum Contributor
Posts: 332
Joined: Tue Dec 17, 2002 1:29 pm
Location: Gaithersburg, MD
Contact:

Post by daven »

A) anything in HTTP_POST_FILES should use a single quote to name things (ex: $HTTP_POST_FILES['userfile']['tmp_name']). I am unsure if the character you have is a single quote or not (it does not look like it from this end).
B) <input type="hidden" name="MAX_FILE_SIZE" value="10000"> should go before <input type="file">
C) copy() needs the full path to the copy location

Code: Select all

<?php copy($_FILES['userfile']['tmp_name'], "/full/path/to/where/you/want/file/including/filename.ext"); ?>
D) Any particular reason you are using HTTP_POST_FILES rather than $_FILES[]?

Also, try putting checks to see how far you get (for debugging purposes)

Code: Select all

<?php
if (isset($HTTP_POST_VARS['submitted'])) {
  echo "Submittted";
  if (is_uploaded_file($HTTP_POST_FILES[’userfile’][’tmp_name’])) {
    echo "File uploaded";
    copy($HTTP_POST_FILES[’userfile’][’tmp_name’], "/html/webuser/docs");
  } else {
    echo "error uploading Filename: " . $HTTP_POST_FILES[’userfile’][’name’];
  }
}
?>
PingLeeQuan
Forum Commoner
Posts: 58
Joined: Tue Sep 03, 2002 8:08 am

Post by PingLeeQuan »

Thanks Daven for replying... to address the questions
a) Yes, i am using single quotes
b) i also put the max file size before the <input filexxxxxx> and it is still does not work (i do not think that this would matter... but i might be wrong)
c)I provided the full path and still same thing
d) i am using PHP 4.0.1


I always come up empty whenever i try to do the following

Code: Select all

echo '---'.$HTTP_POST_FILES&#1111;’userfile’]&#1111;’tmp_name’];
which displayes my error message

Code: Select all

"error uploading Filename"
I also chmod all directories to 777 (for testing purposes)....

Thanks again
User avatar
daven
Forum Contributor
Posts: 332
Joined: Tue Dec 17, 2002 1:29 pm
Location: Gaithersburg, MD
Contact:

Post by daven »

hmmm.....
So it seems like you are not getting past the is_uploaded_file part. Try the following changes:

Code: Select all

<?php
# use $HTTP_POST_FILES['userfile']['name'] rather than $HTTP_POST_FILES['userfile']['tmp_name']
if(is_uploaded_file($HTTP_POST_FILES['userfile']['name'])
?>

Code: Select all

<?php 
# yet again, the filename should be from $HTTP_POST_FILES['userfile']['name']
$file_name=$HTTP_POST_FILES['userfile']['name'];
$file_path="/full/path/to/dir/".$file_name;
copy($HTTP_POST_FILES['userfile']['tmp_name'], $file_path); 
?>
Let me know if this does not work.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

$HTTP_POST_FILES[’userfile’][’name’];
use ' instead of ’
what does

Code: Select all

echo '<pre>'; print_r($HTTP_POST_FILES); echo '</pre>';
show?

maybe you should increase the error-reporting level and enable display_errors as long as you're developing your scripts.

Code: Select all

<?php error_reporting(E_ALL); ini_set('display_errors', TRUE); ?>
... remaining script ...
PingLeeQuan
Forum Commoner
Posts: 58
Joined: Tue Sep 03, 2002 8:08 am

Post by PingLeeQuan »

I tried the script that you provided and it works very well. THANK YOU SOOOOOOOOO MUCH.

My question remains however, why it that HTTP_POST_FILES is not working and it always returns empty.

This is the 2nd thing in PHP (So Far) that i have to work around. The first one was with session_start and HTTP_SESSION_xxxx not working and i had to do a work around.

May be I am not understanding this right or maybe PHP is temperamental.

I just hate to keep working around functions that PHP docs say it works.

At any rate, Thanks a lot for your help... I will go with your solution and may be i can convince the Sys. Admin. to upgrade to the new PHP

--quan
User avatar
daven
Forum Contributor
Posts: 332
Joined: Tue Dec 17, 2002 1:29 pm
Location: Gaithersburg, MD
Contact:

Post by daven »

If I am reading everything correctly, your problem came from using HTTP_POST_FILES['userfile']['tmp_name']. The tmp_name attribute only works as an internal reference for PHP. You have to use the ['name'] attribute when you are calling the file. It is not a bug in PHP, that is the way it is supposed to work. However, it took me a while to learn that when I began playing with file uploads.

Do beat your SysAdmin until he upgrades your PHP. It is worth it. *grin*
PingLeeQuan
Forum Commoner
Posts: 58
Joined: Tue Sep 03, 2002 8:08 am

Post by PingLeeQuan »

i agree with you Daven... When I started encountering those problems, I started doing "process of elimination" and started to try everything and anything.

The whole thing stems from the fact that i cannot get HTTP_POST_VARS to recognize the file name and it keep giving me a "none" for the file name.

I.E. Look at the following code that outputs the result which is after it: (I turned all errors and warnings to on)

Code: Select all

if (isset($HTTP_POST_VARS&#1111;'submitted'])) &#123;

	echo '<br>-0--'.$HTTP_POST_FILES&#1111;$userfile]&#1111;'name'];
	echo '<br>-1--'.$HTTP_POST_FILES&#1111;$userfile]&#1111;'tmp_name'];
	echo '<br>-2--'.$HTTP_POST_FILES&#1111;$userfile]&#1111;'error'];
	echo '<br>-3--'.$HTTP_POST_FILES&#1111;$userfile];
	echo '<br>-0a--'.$HTTP_POST_FILES&#1111;'userfile']&#1111;'name'];
	echo '<br>-1a--'.$HTTP_POST_FILES&#1111;'userfile']&#1111;'tmp_name'];
	$input_array = $HTTP_POST_FILES&#1111;'userfile'];
	print_r('<br>-2a--'.array_keys($input_array));
	echo '<br>-3a--'.$HTTP_POST_FILES&#1111;'userfile'];

	if (is_uploaded_file($HTTP_POST_FILES&#1111;$userfile]&#1111;'name']) ) &#123;
		copy($HTTP_POST_FILES&#1111;$userfile]&#1111;'name'], "/home/www/html/rfp/docs");
	&#125; else &#123;
		echo "Possible file upload attack. Filename: " . $HTTP_POST_FILES&#1111;'userfile']&#1111;'name'];
		echo "\n http_post_files: " . $HTTP_POST_FILES&#1111;$userfile]&#1111;'tmp_name'];
	&#125;
&#125;
?>

	<form enctype="multipart/form-data" action="<?PHP $PHP_SELF ?>" method="post">
	<input type="hidden" name="submitted" value="true">
		Upload this file:<br>
		<input type="hidden" name="MAX_FILE_SIZE" value="10000"> 
		<input name="userfile" type="file"><br>
		<input type="submit" value="Send File">
	</form>
the output is

Code: Select all

Warning: Undefined index: none in /home/www/html/admin/test_fileupload.php on line 13

-0--
Warning: Undefined index: none in /home/www/html/admin/test_fileupload.php on line 14

-1--
Warning: Undefined index: none in /home/www/html/admin/test_fileupload.php on line 15

-2--
Warning: Undefined index: none in /home/www/html/admin/test_fileupload.php on line 16

-3--
-0a--
-1a--none
-2a--Array
-3a--Array
Warning: Undefined index: none in /home/www/html/admin/test_fileupload.php on line 23
Possible file upload attack. Filename: 
Warning: Undefined index: none in /home/www/html/admin/test_fileupload.php on line 27
http_post_files:
As you can see, I keep coming up with file name of none. I was able to get it to tell me that the file name is an array. But that’s as far as I was able to take it.
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

Have you tried using this code that volka posted:

Code: Select all

echo '<pre>'; print_r($HTTP_POST_FILES); echo '</pre>';
it will show you all of the contents of the $HTTP_POST_FILES array.

Mac
PingLeeQuan
Forum Commoner
Posts: 58
Joined: Tue Sep 03, 2002 8:08 am

Post by PingLeeQuan »

Thanks twigletmac... Yes i did and it gave me "none" for file name... this is the result of the print_r

Code: Select all

Array
(
    &#1111;userfile] => Array
        (
            &#1111;name] => 
            &#1111;type] => application/octet-stream
            &#1111;tmp_name] => none
            &#1111;size] => 0
        )

)
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

It's also showing the size of the file as 0 - the file doesn't seem to be uploading. Have you checked the output of phpinfo:

Code: Select all

<?php phpinfo(); ?>
in case file uploading is turned off (i.e. file_uploads = 0)?

Mac
PingLeeQuan
Forum Commoner
Posts: 58
Joined: Tue Sep 03, 2002 8:08 am

Post by PingLeeQuan »

Yes and the value for file_uploads is 1 for the local value and 1 for the master.
I also have safe_mode turned off, register_globals to ontrack_errors to OFF.
aybra
Forum Commoner
Posts: 56
Joined: Sun Nov 24, 2002 12:52 am

Post by aybra »

Code: Select all

<?php
echo '<br>-0--'.$HTTP_POST_FILES[$userfile]['name'];
?>
ok... sorry dumb questin and running on a limited knowledge... but
shouldnt the above code read:

Code: Select all

<?php
echo '<br>-0--',$HTTP_POST_FILES[$userfile]['name'];
?>
using a comma before $HTTP rather than a period??
PingLeeQuan
Forum Commoner
Posts: 58
Joined: Tue Sep 03, 2002 8:08 am

Post by PingLeeQuan »

no... the correct string concatenation is a period.
User avatar
daven
Forum Contributor
Posts: 332
Joined: Tue Dec 17, 2002 1:29 pm
Location: Gaithersburg, MD
Contact:

Post by daven »

The problem is that no file is actually being uploaded (hence the name="" and size=0 attributes). Do you have register_globals on? You mentioned it, but did not say whether it was on or off. For HTTP_POST_FILES, register_globals must be on, or you will get nulls similar to the results you have been experiencing.

Try the following code, as written

Code: Select all

&lt;html&gt;
&lt;body&gt;
&lt;form enctype="multipart/form-data" action="&lt;?PHP echo($PHP_SELF)?&gt;" method="post"&gt;
      &lt;input type="hidden" name="MAX_FILE_SIZE" value="10000"&gt; 
      Upload this file:&lt;br&gt;
      &lt;input name="userfile" type="file" size="50"&gt;&lt;br&gt;
      &lt;br&gt;&lt;br&gt;
      &lt;input type="submit" value="Send File"&gt;
&lt;/form&gt;
&lt;/body&gt;
&lt;/html&gt;

Code: Select all

<?php
if($HTTP_POST_FILES['local_file']['name']!=""){
  if(filesize($HTTP_POST_FILES['local_file']['tmp_name'])>0){
    $file_Name=$HTTP_POST_FILES['local_file']['name'];
    $file_Path="/your/path/".$file_Name;
    copy($HTTP_POST_FILES['local_file']['tmp_name'], $file_Path) or die("copy failed");
    echo "File Uploaded Successfully";
  }else{echo "File size=0.  No file";}
}else{echo "no file uploaded";}
?>
Post Reply