temporary file

[krike]

Hey all

 

first of all I'm new so hy

 

 

my question is regarding the temporary file, I'm running 2 CMS systems on my xampp local server, the first is called PHP-nuke and the second is Nuke evolution (which is build from phpnuke)

 

I created an upload module for both and they work great on real webservers, however on localhost I have the following problem:

 

when uploaded it does not show the proper path (the "\" are missing, but this only happens locally not on real webservers) -> Temp file: C:xampptmpphp42B6.tmp

 

while in regular phpnuke it works fine -> Temp file: C:\xampp\tmp\phpEB72.tmp

 

 

it uses the same settings so why are the "\" missing?

 

 

 

hope anyone can help me out

[Mchl]

Probably stripslashes function is triggered by checking some server options (magic_quotes perhaps?). Just guessing.

[krike]

I'm not using the stripslashes(), here is the code:

 

<?php
$username = $_POST['sender_name'];
$result2 = $db->sql_query("SELECT * FROM `". $prefix ."_upload_config`"); 
$config = $db->sql_fetchrow($result2);
$path= "modules/Upload/images/";
include_once('header.php');
OpenTable();
$random_digit=rand(0000,9999);
$filename = $random_digit.$_FILES["file"]["name"];
$filetype = $_FILES["file"]["type"];
$filesize = $_FILES["file"]["size"];
$filetmp =  $_FILES["file"]["tmp_name"];
$error = $_FILES["file"]["error"];
$maxsize = $config['maxsize'];

$url = $path.$filename;

if ((($filetype == "image/gif") 
|| ($filetype == "image/jpeg") 
|| ($filetype == "image/pjpeg") // for IE
|| ($filetype == "image/png") //to allow another extention just copy paste this line
//and place then the copied line here
// a dynamic version will be released in v1.2 or v1.3 (so add extention from administration)
) && ($filesize < $maxsize))
  {
  if ($error > 0)
    {	
	echo "Return Code: ".$error."<br />";
    }
  else
    {

    echo "Upload: ".$filename."<br />";
    echo "Type: ".$filetype."<br />";
    echo "Size: ".$filesize." Kb<br />";
    echo "Temp file: ".$filetmp."<br />";

    if (file_exists($url))
      {
      echo $filename. " already exists. ";
      }
    else
      {
      move_uploaded_file($filetmp, $url);
      echo "Stored in: ".$url;
  
	$result = $db->sql_query("SELECT * FROM `". $prefix ."_upload`"); 
	$db->sql_query("INSERT INTO ".$prefix."_upload (username, img) VALUES ('".$username."','".$filename."')",$result) or die(mysql_error());
      }
    }
  }
else
  {
  echo "Invalid file<br /> This error can be caused by a wrong file type or if the file is to big.";
  }
  
echo "<div align=\"center\">[<a href=\"modules.php?name=Upload\">Go back</a>]</div>";
CloseTable();
include_once('footer.php');
?>

[Mchl]

echo "Temp file: ".addcslashes($filetmp)."<br />";

 

Also you should escape the data before inserting it into database using mysql_real_escape_string

[krike]

just like that? cause I get an invalid argument. I checked the phpmanual and found that you need to pass 2 arguments.

 

anyway that's not the problem, in fact it's not for me but for whoever want's to use it. but not everyone will have the same temporary file... so I don't think that will solve my problem unless I'm wrong?

 

 

[Mchl]

The second argument is a list of characters to be escaped. In fact I think you could do with addslashes

 

The problem is: \ (slash) is so called 'escape character'. It has a special meaning, for example \t is a tab, \n is newline etc. That's why it is stripped when you display a string through echo.

 

However, Microsoft DOS and all their systems since then, use \ as directory separator, which causes your problem. To display \ you need to escape it with another \\

So

echo "\\";

will display

\

 

addcslashes($filetmp,"\") should work for you I think

also

addslashes($filetmp)