Hi Everyone
This is my first day with PHP and, not surprisingly, I've run into a problem
:-)
I want to allow file uploads to the server without exposing the
non-technical end-users to FTP settings, file naming protocols, etc. I've
found the following from http://www.zend.com/manual/features.file-upload.php
....
HTML FILE (uploadtest.html)
<form enctype="multipart/form-data" action="uploadtest.asp" method="POST">
Send this file: <input name="userfile" type="file">
<input type="submit" value="Send File">
</form>
PHP FILE (uploadtest.php)
<?php
// In PHP earlier then 4.1.0, $HTTP_POST_FILES should be used instead of
// $_FILES. In PHP earlier then 4.0.3, use copy() and is_uploaded_file()
// instead of move_uploaded_file
$uploaddir = '/var/www/uploads/';
$uploadfile = $uploaddir. $_FILES['userfile']['name'];
print "<pre>";
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
print "File is valid, and was successfully uploaded. ";
print "Here's some more debugging info:\n";
print_r($_FILES);
} else {
print "Possible file upload attack! Here's some debugging info:\n";
print_r($_FILES);
}
print "</pre>";
?>
END OF CODE
I select a file to upload and the delay in submitting the form suggests that
the file has been sent. But I always get the "possible file upload attack"
result. The file info shows the correct filename and type but the filesize
is always '0' and the 'tmp_name' is always 'none'.
Assuming this was the problem I did some digging using phpinfo(). The
version is 4.1.2 so I seem to be using the right commands as per the
instructions with the code. But the 'upload_tmp_dir' variable is NOT SET
which I think might be the problem.
So, with apologies for taking so long to get here, I have two queries...
1) Is there anything wrong with the code I'm using?
2) Where do uploaded files go if 'upload_tmp_dir' is not set and how can I
bypass this without access to the server (shared hosting)?
Any help would be appreciated.
Many thanks
Tim.
--
My real e-mail address is tim218 before the at followed by supermail.org.uk.