Having problem with moving uploaded files

[MaryamJamil]

Hello I am using the code:

<?php

if ($_FILES["file"]["error"] > 0) {

  echo "Error: " . $_FILES["file"]["error"] . "<br>";

} else {

  echo "Upload: " . $_FILES["file"]["name"] . "<br>";

  echo "Type: " . $_FILES["file"]["type"] . "<br>";

  echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";

  echo "Stored in: " . $_FILES["file"]["tmp_name"];

}

 

 

 

if ( ($_FILES["file"]["size"] < 25000)

) {

  if ($_FILES["file"]["error"] > 0) {

    echo "Error: " . $_FILES["file"]["error"] . "<br>";

  } else {

    echo "Upload: " . $_FILES["file"]["name"] . "<br>";

    echo "Type: " . $_FILES["file"]["type"] . "<br>";

    echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";

    echo "Stored in: " . $_FILES["file"]["tmp_name"];

  }

} else {

  echo "Invalid file";

}

 

echo "<br>".'2'."<br>";

 

 

if (($_FILES["file"]["size"] < 25000)

) {

  if ($_FILES["file"]["error"] > 0) {

    echo "Return Code: " . $_FILES["file"]["error"] . "<br>";

  } else {

    echo "Upload: " . $_FILES["file"]["name"] . "<br>";

    echo "Type: " . $_FILES["file"]["type"] . "<br>";

    echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";

    echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";

    if (file_exists("upload/" . $_FILES["file"]["name"])) {

      echo $_FILES["file"]["name"] . " already exists. ";

    } else {

     $success= move_uploaded_file($_FILES["file"]["tmp_name"],  $_FILES["file"]["name"]);

 if($success){

      echo "success Stored in: " . $_FILES["file"]["name"];

 }

    }

  }

} else {

  echo "Invalid file";

}

?>

This is properly working on my local host but not working on the server which I am using

this line  $success= move_uploaded_file($_FILES["file"]["tmp_name"],  $_FILES["file"]["name"]); is not working 

kindly help me thanks

[Jacques1]

Wherever you got this terrible code from, you need to take it offline immediately. This allows anybody to upload and potentially execute malicious code on your server. Or to put it in other words: Once this runs, you'll be “hacked” in no time.

 

File uploads are very critical, and you absolutely must understand the risks and how to deal with them. Turn on your brain, do a Google search and then carefully write your own code. Do not copy and paste stuff you found somewhere on the Internet.

 

To name just a few things you need to take care of:

• You have to choose the filename (including extension), not the user! Do not store the file under the user-provided filename, because this allows an attacker to place malicious scripts on your server, overwrite existing files or block your entire service by using up all common filenames.
• The filename must be unique. No, you cannot use file_exists(). This doesn't work with simultaneous uploads, and it will quickly make your upload feature unusable due to name collisions. If I upload a file name “vacation.jpg”, does that mean nobody will ever be able to use that name? That's hardly acceptable. To achieve unique filenames, you must either use an AUTO_INCREMENT column from the database or generate a purely random name.
• You need to restrict the file types. Is this an image uploader? Then only accept image types.
• If possible, serve the uploaded files from a different domain so that JavaScript attacks will be less harmful.
• ...

Sorry for being a bit harsh, but you were about to commit virtual suicide.

[BigMac121263]

Basically it seems you do not have write Access to the target Folder on the Server by the code.

You Need to CHMOD the Folder to 777 or min. that Kind that you have write Access to it.

Do it by the FTP Client, hopefully it supports it. (e.g. WS-FTP is able to)

 

Another thematic is the code as told in the other reply. But it is not the reason for the not running

move. The difference is, as i can see, in the Access rights for the Folder.