Jump to content


Photo

problem in my uploading file script


  • Please log in to reply
3 replies to this topic

#1 hanhao

hanhao
  • Members
  • PipPip
  • Member
  • 10 posts

Posted 01 June 2006 - 04:42 AM

problem for my uploading file script


hi i got a problem with my uploading script
here is the code on the page which shows the upload button.

<form enctype="multipart/form-data" action="uploader.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="90000000" />
Choose a file to upload: <input name="uploadfile" type="file" /><br />
<input type="submit" value="Upload File" />
</form> 

here is the code taken from php.net, it's in upload.php
<?php
// In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead
// of $_FILES.

$uploaddir = "/website_root/color_scripts/querypic.jpg";
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
   echo "File is valid, and was successfully uploaded.\n";
} else {
   echo "Possible file upload attack!\n";
}

echo 'Here is some more debugging info:';
print_r($_FILES);

print "</pre>";

?> 

upon uploading i get the following error
[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]
Possible file upload attack!
Here is some more debugging info:Array
(
[uploadfile] => Array
(
[name] => querypic.jpg
[type] => image/pjpeg
[tmp_name] => d:\Program Files\xampp\tmp\phpBB.tmp
[error] => 0
[size] => 30489
)

)
[/quote]

can anyone please help?


#2 hvle

hvle
  • Members
  • PipPipPip
  • Advanced Member
  • 667 posts
  • Locationmelbourne, Australia

Posted 01 June 2006 - 05:00 AM

your $uploaddir should be a directory, it is currently a file.

change to:
$uploaddir = '"/website_root/color_scripts/';
or something else.

also, the directory must be already created and set to writable (0777)
Life's too short for arguing.

#3 hanhao

hanhao
  • Members
  • PipPip
  • Member
  • 10 posts

Posted 01 June 2006 - 05:20 AM

[!--quoteo(post=378944:date=Jun 1 2006, 12:00 AM:name=hvle)--][div class=\'quotetop\']QUOTE(hvle @ Jun 1 2006, 12:00 AM) View Post[/div][div class=\'quotemain\'][!--quotec--]
your $uploaddir should be a directory, it is currently a file.

change to:
$uploaddir = '"/website_root/color_scripts/';
or something else.

also, the directory must be already created and set to writable (0777)
[/quote]


ok here's the change
<?php
// In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead
// of $_FILES.

[b]$uploaddir = "/website_root/color_scripts/";[/b]
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
   echo "File is valid, and was successfully uploaded.\n";
} else {
   echo "Possible file upload attack!\n";
}

echo 'Here is some more debugging info:';
print_r($_FILES);

print "</pre>";

?> 

the directory exists
hoW do i set it to writable??

#4 hvle

hvle
  • Members
  • PipPipPip
  • Advanced Member
  • 667 posts
  • Locationmelbourne, Australia

Posted 01 June 2006 - 05:42 AM

if the server is on remote server, use ftp, login and set permission to 0777

if it's on your local machine, i'm sure you know how.
Life's too short for arguing.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users