In my form I have
<td>Boiler Image:</td>
<input type ="hidden" name="MAX_FILE_SIZE" value="1000000" />
<td><input type="file" name="boiler_image" id="boiler_image" /></td>
In my php code I have
if (is_uploaded_file($_FILES['boiler_image']['twp_name'])){
if (!move_uploaded_file($_FILES['boiler_image']['twp_name'], $upfile)){
echo 'Problem: Could not move file to destination directory';
exit;
}
}
else {
echo 'Problem: Possible file upload attack. Filename: ';
echo $_FILES['boiler_image']['name'];
exit;
}
Whenever I try to upload an image I get 'Problem: Possible file upload attack. Filename:' Did I happen to set up the input form incorrectly?
Ensure you have set the enctype="multipart/form-data" attribute on your form. It is required for all forms that have file uploads.
The temporary filename of the file in which the uploaded file was stored on the server is located at key "tmp_name". So, change your instances of twp_name to tmp_name.
$_FILES['boiler_image']['tmp_name']
Ref: http://php.net/manual/en/features.file-upload.post-method.php
Related
I have a code where I am selecting an image and then entering the name of the directory I want to create to save that image. After this, once a button is clicked the directory should be created in the given path and file should be saved in it.
Below is the code I am using:
<form enctype="multipart/form-data" action="upload.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="512000" />
Send this file: <input name="userfile" type="file"/>
<input type="text" name="idtest" value=<?php echo $idtest; ?> >
<input type="submit" value="Send File" multiple/>
</form>
upload.php
<?php
$uploaddir = 'G:/dataset/' . $idtest;
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']) ;
echo $uploadfile;
?>
Here in the above code I have not include the create directory part which I still have to work on. Now ideally the variable idtest should be appended with uploaddir variable so whenever I am printing the value of uploadfile the last directory should be the one which I entered in the text box. But its not working. Can anyone please throw some light on why its not working. Thanks
Give this upload script a try. Based on your comments, it seems the first issue is the directory name entered in the form not being added to the full uploadfile path. You will need to grab idtest from the $_POST variable first. I would also recommend using move_uploaded_file to move the uploaded file.
upload.php
<?php
$uploaddir = 'G:/dataset/' . $_POST['idtest'];
// check if directory exists
if(!is_dir($uploaddir)){
mkdir($uploaddir);
}
$uploadfile = $uploaddir ."/". basename($_FILES['userfile']['name']) ;
echo $uploadfile;
move_uploaded_file($_FILES['userfile']['tmp_name'],$uploadfile);
?>
Please ensure proper form validation and file name checks for security reasons, but that is beyond the scope of this answer. As the other commenters have mentioned, ensure file system permissions are set to allow writing to G:/dataset/.
Re asking how to check if $_POST[FILE] isset
I have a file input and if I submit my form without an image I want something to happen if I uploaded a file in the input I want something different to happen.
if (!isset($_POST[image])) { }
seems to trigger regardless of whether or not I have uploaded a file in the input or not.
<label>
<p>Profile Picture:</p>
<input type="file" name="image" value="" />
</label>
My last question was marked as a duplicate of this answer Check whether file is uploaded however
if (!file_exists($_FILE['image'])) { }
didn't work either it is still showing truthy even when an image is uploaded. So not the answer I need.
To check if there is a file uploaded is you need to check the size of the file.
Then to check if its an image or not is you need to use the getimagesize() function. See my script below:
HTML:
<form action="index.php?act=s" method="post" enctype="multipart/form-data">
<input type="file" name="image" value=""/>
<input type="submit">
</form>
PHP:
<?php
if(isset($_GET['act'])){
// Check if there is a file uploaded
if($_FILES["image"]["size"]>0){
echo "There is a file uploaded<br>";
// Check if its an image
$check_if_image = getimagesize($_FILES["image"]["tmp_name"]);
if($check_if_image !== false) {
echo "Image = " . $check_if_image["mime"] . ".";
} else {
echo "Not an image";
}
}
else{
echo "There is NO file uploaded<br>";
}
}
?>
I have 2 php files that display uploaded picture.
first is form_upload.php
<html>
<head><title>File Upload</title></head>
<body>
<ol>
<li>Enter the file name of the product picture you want to upload or the the browse button to navigate to the picture file</li>
<li>when the path to the picture file shpws in the text field, click the upload picture</li>
</ol>
<form enctype="multipart/form-data" action="uploadFile.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="500000"/>
<input type="file" name="pix" size="60"/>
<p><input type='submit' name="Upload" value="Upload picture"/></p>
</form>
</body>
</html>
second is uploadedFile.php
<?php
if(!isset($_POST['Upload']))
{
include("form_upload.php");
}
else
{
if($_FILES['pix']['tmp_name']=="") //check wether the file is larger than 2mb or not
{
echo "file did not successfully upload. Check the file size. File must be less than 500K";
include("form_upload.php");
exit();
}
if(!preg_match("/image\/jpeg/",$_FILES['pix']['type']))
{
echo "only jpg files are allowed. Please try another file";
include("form_upload.php");
exit();
}
else
{
$destination='C:\xampp\htdocs\test\hinh\ '.$_FILES['pix']['name'];
$temp_file=$_FILES['pix']['tmp_name'];
move_uploaded_file($temp_file,$destination);
echo "<p>the file has successfully uploaded :{$_FILES['pix']['name']} {$_FILES['pix']['type']} ({$_FILES['pix']['size']}) </p>";
echo "<img src='C:\\xampp\\htdocs\\test\hinh\\{$_FILES['pix']['name']}' alt='picture'><br/>";
echo "C:\\xampp\\htdocs\\test\hinh\\{$_FILES['pix']['name']}";
}
}
?>
I can not display the image after uploading. I checked the path is correct. But when i put
it in tag it doesn't display the picture here is my syntax:
echo "<img src='C:\\xampp\\htdocs\\test\hinh\\{$_FILES['pix']['name']}' alt='picture'><br/>";
You should not reference the file with a filesystem path on drive "C". You should instead use a HTTP link, preferredly a relative link, like so:
echo "<img src='/path/to/upload/{$_FILES['pix']['name']}' alt='picture'><br/>";
I don't know how that path is named on your webserver. You have to find out yourself what is right. I guess it might be /test/hinh/.
I am writing an app from which user will upload files on the server. I have found a php script from internet but I don't know how am I going to tell the script where to upload the data. This might be a silly question but I am no PHP programmer. I am using this php script in my java code.
Here is the script.
<?php
$filename="abc.xyz";
$fileData=file_get_contents('php://input');
echo("Done uploading");
?>
Regards
This is a terrible way of uploading files, you are much better off using a form and the $_FILES superglobal.
Take a look at the W3Schools PHP File Upload Tutorial; please read all of it. For further reading take a look at the PHP Manual pages on file upload.
The file input type will create the upload box in the html form:
<form action="upload_file.php" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file"><br>
<input type="submit" name="submit" value="Submit">
</form>
After error checking and validating that the file is what you are expecting (very important: allowing users to upload anything to your server is a huge security risk), you can move the uploaded file to your final destination on the server in PHP.
move_uploaded_file($_FILES["file"]["tmp_name"], "upload/abc.xyz");
The filename is actualy the file path along with the name of the new file, set the path there and a file will be created with write permissions.
Make sure you give the servers full path not the relative one and that you have the required permission to create a file there.
Always refer to the PHP Manual
Here's a basic example to get you started:
HTML:
<html>
<body>
<form enctype="multipart/form-data" action="upload.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="1000000" />
Choose a file to upload: <input name="uploaded_file" type="file" />
<input type="submit" value="Upload" />
</form>
</body>
</html>
PHP:
<?php
//Сheck that we have a file
if((!empty($_FILES["uploaded_file"])) && ($_FILES['uploaded_file']['error'] == 0)) {
//Check if the file is JPEG image and it's size is less than 350Kb
$filename = basename($_FILES['uploaded_file']['name']);
$ext = substr($filename, strrpos($filename, '.') + 1);
if (($ext == "jpg") && ($_FILES["uploaded_file"]["type"] == "image/jpeg") &&
($_FILES["uploaded_file"]["size"] < 350000)) {
//Determine the path to which we want to save this file
$newname = dirname(__FILE__).'/upload/'.$filename;
//Check if the file with the same name is already exists on the server
if (!file_exists($newname)) {
//Attempt to move the uploaded file to it's new place
if ((move_uploaded_file($_FILES['uploaded_file']['tmp_name'],$newname))) {
echo "It's done! The file has been saved as: ".$newname;
} else {
echo "Error: A problem occurred during file upload!";
}
} else {
echo "Error: File ".$_FILES["uploaded_file"]["name"]." already exists";
}
} else {
echo "Error: Only .jpg images under 350Kb are accepted for upload";
}
} else {
echo "Error: No file uploaded";
}
?>
Refer to the documention for more information.
Hope this helps!
I would like to have the user upload a pdf to a folder on my website. (note:this is for learning purposes, so security is not necessary) The code I have below does not do echo a response when submitted. The folder I would like to have the pdf uploaded to is in the same directory as the php script, is it possible I'm incorrectly referencing that folder? I appreciate it.
<form method = "POST" action = "<?php echo $_SERVER['PHP_SELF']; ?>" enctype="multipart/form-data" method="post">
Email:<br /> <input type = "text" name="email" value=""/><br />
Resume:<br /><input type = "file" name="resume" value=""/><br />
<p><input type="submit" name ="submit" value="Submit Resume" /></p>
</form>
if(isset($_POST['submit']))
{
define ("FILEREPOSITORY","./resume/");
if (is_uploaded_file($_FILES['resume']['tmp_name'])) {
if ($_FILES['resume']['type'] != "application/pdf") {
echo "<p>Resume must be in PDF Format.</p>";
}
}else {
$name = $_POST['email'];
$result = move_uploaded_file($_FILES['resume']['tmp_name'], FILEREPOSITORY."/$name.pdf");
if ($result == 1) {
echo "<p>File successfully uploaded.</p>";
}
else {
echo "<p>There was a problem uploading the file.</p>";
}
}
}
You have a logical error. Your else statement should be part of the inner if statement -- not the outer one.
would suggest you check the permissions for the upload folder and the max size for file uploading in your php.ini... its happened to me many times uploading a file exceeding the limits and not getting an error message.. also the logic of your if else doesn't match as suggested by your previous post..
IT would be of great help to give the error you receive.
move_uploaded_file()
only works if you have the rights to write to the destination folder.