file upload

gagz · Jan 3, 2003

what seems like a simple form isn't working... below is the code:

Code:

<form enctype=&quot;multipart/form-data&quot; action=&quot;index.php&quot; method=&quot;post&quot;>
<input type=&quot;hidden&quot; name=&quot;MAX_FILE_SIZE&quot; value=&quot;1000&quot;>
Send this file: <input name=&quot;img1&quot; type=&quot;file&quot;>
<input type=&quot;submit&quot; value=&quot;Send File&quot;>
<input type=hidden name=cmd value=upload>
</form>

<?
if ($_POST[&quot;cmd&quot;] == &quot;upload&quot;)
{
    if (is_uploaded_file($_FILES['img1']['tmp_name'])) 
    {
        move_uploaded_file($_FILES['img1']['tmp_name'], &quot;,,&quot;);
    }
    else 
    {
        echo &quot;-&quot; . $_FILES['img1']['tmp_name'] . &quot;<br>&quot; 
        echo &quot;-&quot; . $_FILES['img1']['type']  .&quot;<br>&quot;;
        echo &quot;Possible file upload attack. Filename: &quot; . $_FILES['img1']['name'];
    }
}
?>

the results I get in the page are:

Code:

-
-
Possible file upload attack. Filename: DCP_0708.JPG

looks like me like type and tmp_name aren't set..

any ideas?

THanks.

w1nn3r · Jan 4, 2003

I'm a newbie with PHP so if anyone feels i'm giving poor advice feel free to correct me..but here goes:

// <snipped code>
<?
if ($_POST["cmd"] == "upload&quot

<--Says if your trying to upload
{
if (is_uploaded_file($_FILES['img1']['tmp_name']))
{ ^^^^ This says that if the file already exists,

move_uploaded_file($_FILES['img1']
^^^ To move the uploaded file

['tmp_name'], ",,&quot

;
}
else <----This says that if it didnt meet any other arguments to perform a "catch-all" command for everything else

{
echo "-" . $_FILES['img1']['tmp_name'] . "<br>"
echo "-" . $_FILES['img1']['type'] ."<br>";
echo "Possible file upload attack. Filename: " .
^^^^^ Recognise that? its in your catchall command. It doesnt look to me like it stops the upload, it just prints that msg.

$_FILES['img1']['name'];
}
}
?>

gagz · Jan 5, 2003

let me be more clear... I know what my code is supposed to do, i just don't know why its not working...

BB101 · Jan 6, 2003

I successfully used the following on PHP4.2.3 linux apache and windows iis

if (isset($_FILES['file']) && is_uploaded_file($_FILES['file']['tmp_name'])) {
if ($_FILES['file']['type'] == "image/pjpeg" || $_FILES['file']['type'] == "image/gif" || $_FILES['file']['type'] == "image/jpeg&quot

{
$imageinfo = getimagesize($_FILES['file']['tmp_name']);
if ($imageinfo[0] <= 500) {
copy($_FILES['file']['tmp_name'], "../../images/upload/".$_FILES['file']['name']);
} else {
$f = 1;
}
}
}
--BB

gagz · Jan 6, 2003

Thanks, but i'm actually not looking for source code, I want to know whats wrong with the code I posted... I mostly pulled it off the php manual page...

BB101 · Jan 7, 2003

move_uploaded_file($_FILES['img1']['tmp_name'], ",,&quot

;
doesn't look right to me. --BB

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

file upload

gagz

Programmer

w1nn3r

ISP

gagz

Programmer

BB101

Programmer

gagz

Programmer

BB101

Programmer

Similar threads

Part and Inventory Search

Sponsor