HomeBuilding Your WebsiteWeb Programming and Application Development

php file Upload... what am I doing wrong?

mizzy posted this at 14:21 — 2nd December 2004.

They have: 47 posts

Joined: Jun 2001

Hello all,
I have a bit of a problem with some basic php file upload functionality. I am using the following code:

********

<?php
</strong>
$uploaddir = ' /home/greyhound/web/accounts/pdf/';
$uploadfile = $uploaddir . basename($HTTP_POST_FILES['userfile']['name']);

echo '<pre>';
if (move_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'], $uploadfile)) {
   echo "File is valid, and was successfully uploaded.\n";
} else {
   echo "Possible file upload attack!\n";
}

echo 'Here is some more debugging info:';
print_r($HTTP_POST_FILES);

print "</pre>";

<strong>
?>

************

The upload file is posted form a basic form with a 'file' input tag and it has the correct name "userfile". The pdf file has been in place and has been CHMODed to 777 .The server path to the directory is correct...but I keep getitng the following error when it tries to upload a pdf file...

************

Warning: move_uploaded_file( /home/greyhound/web/accounts/pdf/Syringe Filters 1.pdf): failed to open stream: No such file or directory in /home/greyhound/web/manager/upload_pdf.php on line 12

Warning: move_uploaded_file(): Unable to move '/tmp/phpXIPqG7' to ' /home/greyhound/web/accounts/pdf/Syringe Filters 1.pdf' in /home/greyhound/web/manager/upload_pdf.php on line 12
Possible file upload attack!
Here is some more debugging info:Array
(
[userfile] => Array
(
[name] => Syringe Filters 1.pdf
[type] => application/pdf
[tmp_name] => /tmp/phpXIPqG7
[error] => 0
[size] => 554223
)

)

************

What am I doing wrong or where could the problem be?...
Thanks
M

Busy posted this at 22:33 — 2nd December 2004.

Busy's picture

He has: 6,151 posts

Joined: May 2001

take basename() off the $uploadfile variable

should also be careful of the upload size, most hosts set maximum file size to about 2mb, php's default is about 8mb I think

For your security check you should use if(is_uploaded_file($_FILES['userfile']['tmp_name'])) { ... }
if you can't use $_FILES change it to $HTTP_POST_FILES
you should even check it is a pdf file before moving

Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.