Here is a problem.
I have an HTML form with several fields in it.
One of the fields - 'Upload file'.
When I upload a file, everything works properly. But when I choose to submit the form without a file, it gives me the error message: "There was an error uploading the file, please try again". Looks to me that the script thinks that uploading a file is mandatory.
How do I change it?
Here is my PHP:
//File upload
// Where the file is going to be placed
$target_path = "uploads/";
// Add the original filename to our target path.
//Result is "uploads/filename.extension"
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
echo "The file ". basename( $_FILES['uploadedfile']['name']).
" has been uploaded";
} else{
echo "There was an error uploading the file, please try again!";
}
//End of file upload
Thank you!
You should check using the function is_uploaded_file
try adding the following condition before calling the function move_uploaded_file
if (is_uploaded_file($_FILES['uploadedfile']['tmp_name'])) {
The target path of move_uploaded_files should be a folder, not a file.
You should also check if the folder is_writeable and is_dir.
move_uploaded_file returns a bool, true or false, depending on the success of the operation.
A solution would be to check more rigorously, e.g. if a file was uploaded at all via is_uploaded_file function.
For proper working, the function is_uploaded_file() needs an argument like $_FILES['userfile']['tmp_name'], - the name of the uploaded file on the clients machine $_FILES['userfile']['name'] does not work.
Related
I am trying to upload a client file to my server (from an html form using a "post" method), run a program on the $upldfile variable and then display the program results as downloadable links for the client.
My code is listed below and every time I run this I get the "file upload failed" notice.
Does anyone know if this is to with a permissions based problem or a server error or a code issue?
Thank you all in advance for any help offered
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
$destination_path = getcwd().DIRECTORY_SEPARATOR;
$target_path = $destination_path . "uploads/" . basename( $_FILES["file"{["name"]);
$upldfile = move_uploaded_file($_FILES['file']['tmp_name'], $target_path);
if ($upldfile){
echo "<p>File upload success.</p>";
} else {
echo "<p>File upload failed.";
}
ANSWER:
Changing the permissions appropriately,
and also
modifying the php.ini file to allow larger file uploads.
The code itself in the original file was correct.
I have currently made a script which allows uploading for files within our company. I am looking to improve this script to allow for the directory of the uploaded file to masked within the download link (Don't really want people knowing the directory structure) Is there a way I can encode the link and then once a successful upload is made echo out the masked URL available for our clients to download.
<?php
$target = "upload/";
$target = $target . basename( $_FILES['uploaded']['name']) ;
$ok=1;
//This is our size condition
if ($uploaded_size > 350000)
{
echo "Your file is too large.<br>";
$ok=0;
}
//This is our limit file type condition
if ($uploaded_type =="text/php")
{
echo "No PHP files<br>";
$ok=0;
}
//Here we check that $ok was not set to 0 by an error
if ($ok==0)
{
Echo "Sorry your file was not uploaded";
}
//If everything is ok we try to upload it
else
{
if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
{
echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
}
else
{
echo "Sorry, there was a problem uploading your file.";
}
}
?>
Thanks Guys :)
I won't give you the code, but here is my strategy for implementing file sharing without giving away their location.
Create a file that takes as a parameter the name of the file to be retrieved. It's only purpose is to open the file and stream it out. It should know ahead of time what to do with the file, where to look for it, and how to return it(stream). Let's call it getFile($filename)
In your main PHP file, call the function and store the result in a variable:
$file = getFile($_POST['filename']);
Now send the user the file, and he will be none the wiser about where it came from.
You could make a script that the file bounces. It just accepts the filename as parameter. Something like:
download.php?file=myfile.txt
that way you don't say where you put your files, and it's easy to implement. You could add headers to actually download the file.
Whenever I try to move a file it does not work and shows "Image file not uploaded"... I just want to know where the error is...
$target = '/var/www/student/public/myimage.jpg';
$destination = '/var/www/student/public/images/myimage.jpg';
if( move_uploaded_file( $target, $destination ) ) {
echo "Image file is successfully loaded";
} else {
echo "Image file not uploaded.";
}
I have checked error log (tail -f /var/log/apache2/error.log) but found nothing.
target and destination both directories have 777 permissions.
Can someone tell me that how to find out the error. Any idea ?
If you are not using HTTP POST upload method then you can use rename()
rename($target, $destination);
Has the file been uploaded in the current request?
move_uploaded_file will refuse to move files that are not uploads. (i.e. $target must equal $_FILES[$field_name]['tmp_name']
If it has been uploaded previously, move_uploaded_file will refuse to work (if it is even still there - PHP will delete it if you don't handle the file on that upload if I remember correctly)
If it is in fact not a file that has been uploaded with this request you'll want to use rename
move_uploaded_file() only works on http post files. http://php.net/manual/en/function.move-uploaded-file.php
to move a file already on the server, you will have to copy the file and unlink the old file
$target = '/var/www/student/public/myimage.jpg';
$destination = '/var/www/student/public/images/myimage.jpg';
if (copy($target, $destination)) {
unlink($target);
} else {
echo "Unable to copy $target to $destination.";
}
how can i make sure that no php/html files are uploaded to my server? this is my code i have so far but it isn't working.
<?php
$target = "upload/";
$target = $target . basename( $_FILES['uploaded']['name']) ;
$ok=1;
//This is our size condition
if ($uploaded_size > 35000)
{
echo "Your file is too large.<br>";
$ok=0;
}
//This is our limit file type condition
if ($uploaded_type =="text/php")
{
echo "No PHP files<br>";
$ok=0;
}
//Here we check that $ok was not set to 0 by an error
if ($ok==0)
{
Echo "Sorry your file was not uploaded";
}
//If everything is ok we try to upload it
else
{
if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
{
echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded and will be revied by moderators. You will recieve points based on the review.";
}
else
{
echo "Sorry, there was a problem uploading your file.";
}
}
?>
Your code uses variables which are not set, for example, $uploaded_size which will be NULL unless you do something like...
$uploaded_size = $_FILES['uploaded']['size'];
Also, checking the MIME is not too great at telling you whether the file has PHP or not. It just means it has the php extension (that is if you are inspecting type in $_FILES).
For security, move uploads outside of the docroot, rename and drop any extension (to prevent Apache trying to run any malicious file). The original filename and type can be stored safely in a database, with a reference to the (perhaps hashed) new name.
You may also want to ensure if you are streaming the content later to always echo the content using readfile() and not something like include (which will run your PHP code, even if embedded in an image with image/gif MIME, which can be told it is a GIF if it includes the GIF header).
Check out http://www.php.net/manual/en/function.exif-imagetype.php - this checks for certain magic numbers that all JPG's have at the beginning. Also, as others have pointed out, you're using undefined variables... check out the PHP tutorial for file uploading ( which also documents the contents of $_FILE).
http://www.php.net/manual/en/features.file-upload.post-method.php
I need to resize an uploaded image.
The class that resizes needs to get the location of the image to be worked with.
It returns the image in a variable.
However, when I try to get the path to the image, I get from $_FILES['profile_upload']['tmp_name'] the following: C:\xampp\tmp\php1C5.tmp
I don't get the actual file, even though the tmp folder contains it!
How can I get the actual filename? Another question - for how long are the files stored in tmp, and when do they get deleted?
By the way, does the Zend Framework have a good image manipulation interface?
You should complete the whole file upload setup with something similar and then the variable $_FILES['uploadedfile']['name'] will also contain the original file name:
$target_path = "uploads/";
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
echo "The file ". basename( $_FILES['uploadedfile']['name']).
" has been uploaded";
} else{
echo "There was an error uploading the file, please try again!";
}
To address your second point: Files are stored until the script they were uploaded to finishes.