image upload

manicleek

I'm trying to do an image upload using the code from php.net

Code:
<?php

// In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead
// of $_FILES.

$uploaddir = '/images/';
// basename() drops any directory components from the client-supplied name.
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

print "<pre>";
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
   print "File is valid, and was successfully uploaded. ";
   print "Here's some more debugging info:\n";
   print_r($_FILES);
} else {
   print "Possible file upload attack!  Here's some debugging info:\n";
   print_r($_FILES);
   print $uploaddir;
}
print "</pre>";

?>

I'm getting the "possible file upload attack" error message but it doesn't tell me why. Can anyone tell me what it means and how I can solve this?

Also, do I have to put the full directory path in, i.e. c:\inetpub....\site\images, and could that be what the problem is?
 
As an amendment to this, it works on my local machine, so I'm guessing it's something on the host server. What would need to be changed to allow this to work?
 
I would guess it's the fact that the filename to which you're moving doesn't exist.

And the reason you don't get the error locally is that your local machine is Win32, but the hosting server is a unix-like OS.

PHP's move_uploaded_file() function is not constrained to the current document root. It can operate anywhere on the filesystem.

Let's say you upload foo.txt to the server. In your code, $uploadfile will have the value "/images/foo.txt". On Win32, that would refer to the images directory on the current drive letter.

Unix-like OSes, however, do not use drive letters. The entire filesystem, including all partitions on all drives, is mounted on a hierarchical directory structure starting with "/". So on a unix-like OS, "/images" is a directory that is probably completely outside of any directory to which you have permission to write. If it exists at all.

If the images directory resides under your web site's document root, include $_SERVER['DOCUMENT_ROOT'] in the statement which creates your filename.


Want the best answers? Ask the best questions!

TANSTAAFL!!
 
so it would be

Code:
$uploaddir = '$_SERVER['DOCUMENT_ROOT']/images/';
$uploadfile = $uploaddir . $_FILES['userfile']['name'];

??
 
No.

It would be:

$uploaddir = $_SERVER['DOCUMENT_ROOT'] . '/images/';

Variables are not interpolated inside single quotes.

 
Still not working.

Also, when I echo out $uploaddir, $_SERVER['DOCUMENT_ROOT'] has no value.

 
No, still the same.

Is it possible that some permissions need to be changed in the server's php.ini file, and if so, what would they be?
 
Code:
Array ( [ALLUSERSPROFILE] => C:\Documents and Settings\All Users [CommonProgramFiles] => C:\Program Files\Common Files [COMPUTERNAME] => BELAIRHOST1 [ComSpec] => C:\WINNT\system32\cmd.exe [CONTENT_LENGTH] => 0 [GATEWAY_INTERFACE] => CGI/1.1 [HTTPS] => off [HTTP_ACCEPT] => image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */* [HTTP_ACCEPT_LANGUAGE] => en-gb [HTTP_CONNECTION] => Keep-Alive [HTTP_HOST] => www.marinasonline.net [HTTP_USER_AGENT] => Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) [HTTP_ACCEPT_ENCODING] => gzip, deflate [INSTANCE_HOME] => C:\PROGRA~1\Ensim\WEBPPL~1\ [INSTANCE_ID] => 4 [LOCAL_ADDR] => 217.205.238.11 [NUMBER_OF_PROCESSORS] => 1 [OCW_BIN_HOME] => C:\bin [OCW_DATADOMAIN] => C:\PROGRA~1\Ensim\SiteData\ [OCW_DEBUG] => 0 [OCW_DOMAIN_RUN] => C:\PROGRA~1\Ensim\WEBPPL~1\run.bat [OCW_HOME] => C:\PROGRA~1\Ensim\WEBPPL~1\ [OCW_HOMEDRIVE] => C:\ [OCW_HOMEDRIVE_uce] => \\BELAIRHOST1\C$\ [OCW_MODULES] => webhost [OCW_OPTIONS] => debug [OCW_OS] => WIN2000 [OCW_SSL] => 0 [OCW_SSL_HOME] => C:\PROGRA~1\Ensim\SiteData\webppliance\conf\ssl [OCW_SVC_PATH] => C:\PROGRA~1\Ensim\WEBPPL~1\base\services [OCW_VD_APP_CUSTOM] => C:\PROGRA~1\Ensim\SiteData\webppliance\conf\custom\appliance [OCW_VD_CUSTOM] => C:\PROGRA~1\Ensim\SiteData\webppliance\conf\custom [OCW_VD_HOME] => C:\PROGRA~1\Ensim\SiteData\webppliance\conf\domains [OCW_VD_HOME_u] => C:\PROGRA~1\Ensim\SiteData/webppliance/conf/domains [OCW_VD_HOME_uce] => \\BELAIRHOST1\C$\PROGRA~1\Ensim\SiteData\webppliance\conf\domains [OCW_VD_RESELLER_CUSTOM] => C:\PROGRA~1\Ensim\SiteData\webppliance\conf\custom\reseller [OPCENTER_PATH] => C:\PROGRA~1\Ensim\WEBPPL~1\ [Os2LibPath] => C:\WINNT\system32\os2\dll; [OS] => Windows_NT [Path] => C:\PROGRA~1\MAILEN~1\BIN;C:\PROGRA~1\Ensim\WEBPPL~1\util;C:\bin;C:\Program Files\Python;C:\mysql\bin;C:\Perl;C:\Perl\bin;C:\Perl\bin\;C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem;C:\bin;C\bin;C:\Program Files\Symantec\pcAnywhere\ [PATHEXT] => .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH [PATH_INFO] => /edit/test.php [PATH_TRANSLATED] => C:\Program Files\Ensim\SiteData\webppliance\conf\domains\marinasonline\Inetpub\wwwroot\edit\test.php [PROCESSOR_ARCHITECTURE] => x86 [PROCESSOR_IDENTIFIER] => x86 Family 6 Model 11 Stepping 4, GenuineIntel [PROCESSOR_LEVEL] => 6 [PROCESSOR_REVISION] => 0b04 [ProgramFiles] => C:\Program Files [PYTHONPATH] => C:\Progra~1\Python\;C:\Progra~1\Zope\;C:\Progra~1\Zope\lib\python\;C:\PROGRA~1\Ensim\WEBPPL~1\common\;C:\PROGRA~1\Ensim\WEBPPL~1\;C:\Progra~1\Python\win32\;C:\Progra~1\Python\win32\lib\ [REMOTE_ADDR] => 83.104.36.46 [REMOTE_HOST] => dolphcom-adsl.demon.co.uk [REQUEST_METHOD] => GET [SCRIPT_NAME] => /edit/test.php [SERVER_NAME] => www.marinasonline.net [SERVER_PORT] => 80 [SERVER_PORT_SECURE] => 1 [SERVER_PROTOCOL] => HTTP/1.1 [SERVER_SOFTWARE] => Microsoft-IIS/5.0 [SystemDrive] => C: [SystemRoot] => C:\WINNT [TEMP] => C:\WINNT\TEMP [TMP] => C:\WINNT\TEMP [UrchinDir] => C:\Program Files\Urchin Dedicated 3.3\ [USERPROFILE] => C:\Documents and Settings\Default User [windir] => C:\WINNT [PHP_SELF] => /edit/test.php )
 
I don't have access to the server
 
It looks as though IIS isn't setting that value. If you know the filesystem path to the directory where you're going to store the uploaded file, I recommend that you hard-code that value.

 
ok I'll have to get the path from the admin
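
The two points raised in the answers above (a target path that does not exist on the server, and a host that leaves `$_SERVER['DOCUMENT_ROOT']` unset) can be checked explicitly, so the script reports the real cause instead of a generic "possible file upload attack". This is an added example, not code from the thread or from php.net; `UPLOAD_BASE`, `UPLOAD_ERRORS`, `store_upload()` and the extension allowlist are assumptions made for illustration.

```php
<?php
// Added example. UPLOAD_BASE is a hypothetical hard-coded fallback path;
// replace the placeholder with the real path obtained from the host.
const UPLOAD_BASE = 'C:/path/to/site/wwwroot';
// Map PHP's upload error codes to the reason the original script hides.
const UPLOAD_ERRORS = [
    UPLOAD_ERR_INI_SIZE   => 'file exceeds upload_max_filesize in php.ini',
    UPLOAD_ERR_FORM_SIZE  => 'file exceeds MAX_FILE_SIZE in the form',
    UPLOAD_ERR_PARTIAL    => 'file was only partially uploaded',
    UPLOAD_ERR_NO_FILE    => 'no file was sent',
    UPLOAD_ERR_NO_TMP_DIR => 'server has no temporary upload directory',
    UPLOAD_ERR_CANT_WRITE => 'server could not write the temporary file',
];

function store_upload(array $file, array $server): string
{
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException(UPLOAD_ERRORS[$file['error']] ?? 'unknown upload error');
    }
    // DOCUMENT_ROOT is not set by every server (the IIS/CGI host in this
    // thread leaves it out), so fall back to the configured path.
    $root = !empty($server['DOCUMENT_ROOT']) ? $server['DOCUMENT_ROOT'] : UPLOAD_BASE;
    $dir  = realpath($root . '/images');
    if ($dir === false || !is_dir($dir)) {
        throw new RuntimeException("upload directory does not exist under $root");
    }
    if (!is_writable($dir)) {
        throw new RuntimeException("upload directory is not writable: $dir");
    }
    // Keep only the last path component of the client-supplied name and
    // accept a fixed set of image extensions (assumed allowlist).
    $name = basename($file['name']);
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, ['gif', 'jpg', 'jpeg', 'png'], true)) {
        throw new RuntimeException("extension not allowed: $ext");
    }
    $target = $dir . DIRECTORY_SEPARATOR . $name;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException("could not move upload to $target");
    }
    return $target;
}

if (isset($_FILES['userfile'])) {
    try {
        echo 'Stored as ', htmlspecialchars(store_upload($_FILES['userfile'], $_SERVER));
    } catch (RuntimeException $e) {
        echo 'Upload failed: ', htmlspecialchars($e->getMessage());
    }
}
```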
 