473,320 Members | 1,982 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

File upload from a form / upload_tmp_dir query

Hi Everyone

This is my first day with PHP and, not surprisingly, I've run into a problem
:-)

I want to allow file uploads to the server without exposing the
non-technical end-users to FTP settings, file naming protocols, etc. I've
found the following from http://www.zend.com/manual/features.file-upload.php
....

HTML FILE (uploadtest.html)

<form enctype="multipart/form-data" action="uploadtest.asp" method="POST">
Send this file: <input name="userfile" type="file">
<input type="submit" value="Send File">
</form>

PHP FILE (uploadtest.php)

<?php
// In PHP earlier then 4.1.0, $HTTP_POST_FILES should be used instead of
// $_FILES. In PHP earlier then 4.0.3, use copy() and is_uploaded_file()
// instead of move_uploaded_file

$uploaddir = '/var/www/uploads/';
$uploadfile = $uploaddir. $_FILES['userfile']['name'];

print "<pre>";
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
print "File is valid, and was successfully uploaded. ";
print "Here's some more debugging info:\n";
print_r($_FILES);
} else {
print "Possible file upload attack! Here's some debugging info:\n";
print_r($_FILES);
}
print "</pre>";
?>

END OF CODE

I select a file to upload and the delay in submitting the form suggests that
the file has been sent. But I always get the "possible file upload attack"
result. The file info shows the correct filename and type but the filesize
is always '0' and the 'tmp_name' is always 'none'.

Assuming this was the problem I did some digging using phpinfo(). The
version is 4.1.2 so I seem to be using the right commands as per the
instructions with the code. But the 'upload_tmp_dir' variable is NOT SET
which I think might be the problem.

So, with apologies for taking so long to get here, I have two queries...

1) Is there anything wrong with the code I'm using?
2) Where do uploaded files go if 'upload_tmp_dir' is not set and how can I
bypass this without access to the server (shared hosting)?

Any help would be appreciated.

Many thanks

Tim.

--
My real e-mail address is tim218 before the at followed by supermail.org.uk.
Jul 16 '05 #1
4 6710
Sorry the form action should be uploadtest.php not uploadtest.asp (still
getting the bad M$ habits out of my head!!).

Tim.

--
My real e-mail address is tim218 before the at followed by supermail.org.uk.

"Tim218" <se***********@for.email.address.invalid> wrote in message
news:bj**********@hercules.btinternet.com...
Hi Everyone

This is my first day with PHP and, not surprisingly, I've run into a problem :-)

I want to allow file uploads to the server without exposing the
non-technical end-users to FTP settings, file naming protocols, etc. I've
found the following from http://www.zend.com/manual/features.file-upload.php ...

HTML FILE (uploadtest.html)

<form enctype="multipart/form-data" action="uploadtest.asp" method="POST">
Send this file: <input name="userfile" type="file">
<input type="submit" value="Send File">
</form>

PHP FILE (uploadtest.php)

<?php
// In PHP earlier then 4.1.0, $HTTP_POST_FILES should be used instead of
// $_FILES. In PHP earlier then 4.0.3, use copy() and is_uploaded_file()
// instead of move_uploaded_file

$uploaddir = '/var/www/uploads/';
$uploadfile = $uploaddir. $_FILES['userfile']['name'];

print "<pre>";
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
print "File is valid, and was successfully uploaded. ";
print "Here's some more debugging info:\n";
print_r($_FILES);
} else {
print "Possible file upload attack! Here's some debugging info:\n";
print_r($_FILES);
}
print "</pre>";
?>

END OF CODE

I select a file to upload and the delay in submitting the form suggests that the file has been sent. But I always get the "possible file upload attack" result. The file info shows the correct filename and type but the filesize is always '0' and the 'tmp_name' is always 'none'.

Assuming this was the problem I did some digging using phpinfo(). The
version is 4.1.2 so I seem to be using the right commands as per the
instructions with the code. But the 'upload_tmp_dir' variable is NOT SET
which I think might be the problem.

So, with apologies for taking so long to get here, I have two queries...

1) Is there anything wrong with the code I'm using?
2) Where do uploaded files go if 'upload_tmp_dir' is not set and how can I
bypass this without access to the server (shared hosting)?

Any help would be appreciated.

Many thanks

Tim.

--
My real e-mail address is tim218 before the at followed by supermail.org.uk.

Jul 16 '05 #2
Hi Everyone

I've now solved the problem.

Many thanks

Tim.

--
My real e-mail address is tim218 before the at followed by supermail.org.uk.

"Tim218" <se***********@for.email.address.invalid> wrote in message
news:bj**********@hercules.btinternet.com...
Sorry the form action should be uploadtest.php not uploadtest.asp (still
getting the bad M$ habits out of my head!!).

Tim.

--
My real e-mail address is tim218 before the at followed by supermail.org.uk.
"Tim218" <se***********@for.email.address.invalid> wrote in message
news:bj**********@hercules.btinternet.com...
Hi Everyone

This is my first day with PHP and, not surprisingly, I've run into a

problem
:-)

I want to allow file uploads to the server without exposing the
non-technical end-users to FTP settings, file naming protocols, etc. I've found the following from

http://www.zend.com/manual/features.file-upload.php
...

HTML FILE (uploadtest.html)

<form enctype="multipart/form-data" action="uploadtest.asp" method="POST"> Send this file: <input name="userfile" type="file">
<input type="submit" value="Send File">
</form>

PHP FILE (uploadtest.php)

<?php
// In PHP earlier then 4.1.0, $HTTP_POST_FILES should be used instead of
// $_FILES. In PHP earlier then 4.0.3, use copy() and is_uploaded_file() // instead of move_uploaded_file

$uploaddir = '/var/www/uploads/';
$uploadfile = $uploaddir. $_FILES['userfile']['name'];

print "<pre>";
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
print "File is valid, and was successfully uploaded. ";
print "Here's some more debugging info:\n";
print_r($_FILES);
} else {
print "Possible file upload attack! Here's some debugging info:\n";
print_r($_FILES);
}
print "</pre>";
?>

END OF CODE

I select a file to upload and the delay in submitting the form suggests

that
the file has been sent. But I always get the "possible file upload

attack"
result. The file info shows the correct filename and type but the

filesize
is always '0' and the 'tmp_name' is always 'none'.

Assuming this was the problem I did some digging using phpinfo(). The
version is 4.1.2 so I seem to be using the right commands as per the
instructions with the code. But the 'upload_tmp_dir' variable is NOT SET which I think might be the problem.

So, with apologies for taking so long to get here, I have two queries...

1) Is there anything wrong with the code I'm using?
2) Where do uploaded files go if 'upload_tmp_dir' is not set and how can I bypass this without access to the server (shared hosting)?

Any help would be appreciated.

Many thanks

Tim.

--
My real e-mail address is tim218 before the at followed by

supermail.org.uk.


Jul 16 '05 #3
Also sprach Tim218:
Hi Everyone
Hi Tim,
I've now solved the problem.
Would you be so kind as to let us in on the details of your solution?
Many thanks


You're welcome. :-)

Jul 16 '05 #4
Hi

I'm afraid I couldn't resolve the PHP problem which I think was caused by
the temporary directory setting on the server not being set (I don't have
admin control over the server).

On this occasion I went back to an ASP solution which had been my original
plan. The phpinfo() function proved useful as it let me know the server was
running Chili!ASP and once I knew this I was able to find details of its
built-in file upload function.

But my brief introduction to PHP has convinced me that it is the way forward
and that my first major ASP project should be my last. So hopefully I will
see you all in here again soon.

Best wishes

Tim.

--
My real e-mail address is tim218 before the at followed by supermail.org.uk.

"Thomas Mlynarczyk" <bl*************@hotmail.com> wrote in message
news:bj*************@news.t-online.com...
Also sprach Tim218:
Hi Everyone


Hi Tim,
I've now solved the problem.


Would you be so kind as to let us in on the details of your solution?
Many thanks


You're welcome. :-)


Jul 16 '05 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: Leigh Riley | last post by:
My PHP.ini file sets the following: file_uploads = on upload_max_filesize = 3M upload_tmp_dir = /tmp When I try and upload the file, it doesn't appears in /tmp. The name of the Submit...
3
by: Mike Walsh | last post by:
I have a problem uploading files with PHP which has me stumped! I am unable to successfully upload files. My simple test script is as follows: <?php if (count($_FILES)) { var_dump($_FILES)...
9
by: R. Rajesh Jeba Anbiah | last post by:
Q: How should I handle file upload? A: File uploading requires HTML form of content type "multipart/form-data". The file content has to be POSTed/submitted via the form and once the file is...
6
by: Vic Spainhower | last post by:
Hello, I am trying to do a FTP file upload which works fine on my localhost but on my ISP server it fails. I can't seem to find where I can go to find the specific cause of the failure. In both...
9
by: Arthur Jacobs | last post by:
Good Day, I can upload a file as long as it is empty (thanks Hendri Kurniawan). I do not know where to look. Can someone help me understand what I need to do to upload a small image....
4
by: lawrence k | last post by:
I've a file that starts like this: <form id="pdsForm" method="post" action="/mcControlPanel.php" class="mcForm" charset="UTF-8" enctype="multipart/form-data" > and it contains this input: ...
1
by: wbsurfver | last post by:
I'm trying to figure out why I can't upload a file in php. I'm trying it locally on a windows XP machine running Apache 2.2 and PHP 5.2.1. That is I am running the browser/server on same machine...
6
by: howa | last post by:
Suppose the file is stored in "upload_tmp_dir ", so why I need to increase the memory limit? If I want to upload 100 MB, how large should I set? Thanks.
24
by: owz2008 | last post by:
This has probably been covered before but could not find a similar thread. Basically I have created a form which can be viewed at www.icomworks.co.uk/canvaspayform.html I want to submit the...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.