Jump to content


This topic is now archived and is closed to further replies.


move_uploaded_file & upload_tmp_dir

Recommended Posts

    I have a simple form:
<!-- The data encoding type, enctype, MUST be specified as below -->
<form enctype="multipart/form-data" action="upload_test.php" method="POST">
    <!-- MAX_FILE_SIZE must precede the file input field -->
    <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
    <!-- Name of input element determines name in $_FILES array -->
    Send this file: <input name="userfile" type="file" />
    <input type="submit" value="Send File" />

and PHP:
// In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead
// of $_FILES.

$uploaddir = 'images/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
  echo "File is valid, and was successfully uploaded.\n";
} else {
  echo "Possible file upload attack!\n";

echo 'Here is some more debugging info:';

print "</pre>";


...both of which were taken right from the PHP manual.

When run, here is the error information:
Warning:  move_uploaded_file(images/me.jpg) [function.move-uploaded-file]: failed to open stream: Permission denied in C:\My Documents\My Sites\bearpaths\upload_test.php on line 17

Warning:  move_uploaded_file() [function.move-uploaded-file]: Unable to move 'D:\WINDOWS\TEMP\phpFB9.tmp' to 'images/me.jpg' in C:\My Documents\My Sites\bearpaths\upload_test.php on line 17

Possible file upload attack!
Here is some more debugging info:Array
    [userfile] => Array
            [name] => me.jpg
            [type] => image/jpeg
            [tmp_name] => D:\WINDOWS\TEMP\phpFB9.tmp
            [error] => 0
            [size] => 15641


Site is running locally on IIS/XP. I have made absolutely sure I clicked on 'Write' for the properties of the 'images/' folder in IIS. Secondly, I don't know why "D:\WINDOWS\TEMP\" is being used seeing as how this line is in my php.ini - "upload_tmp_dir = "images\tmp"".

Thanks in advance for any help!

Share this post

Link to post
Share on other sites
yo, i dunno wuts wrong wit urs, but i have a upload script that works. here it is:


//here you can  ban certain file types from being uploaded:
$bad_types = array('application/octet-stream');

if( in_array( $_FILES['uploadedfile']['type'], $bad_types ) )
    echo "That File type is not supported.";
// the upload path is "uploads". make sure you have a "uploads" folder, and make sure it's chmodded to:
// "chmod 777 uploads"
$target_path = "uploads/";
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);

    if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
        echo "The file ".  basename( $_FILES['uploadedfile']['name']).
        " has been uploaded. here is the link to your file: <a href=uploads/".  basename( $_FILES['uploadedfile']['name']). ">".  basename( $_FILES['uploadedfile']['name'])."</a><br>";
    } else{
        echo "There was an error uploading the file, please try again!";


and in the index.html file, make sure you have:
<input name="[b]uploadedfile[/b]" type="file">
for your "browse" button/box thing. make sure it's called "uploadedfile".

Share this post

Link to post
Share on other sites
sorry but i think you not using the code you provided from the localhost or a active url as you code is pointing to a temp folder within windows but it would upload to a image folder in the htdocs if you use a url or localhost.

Share this post

Link to post
Share on other sites
For the first response - thanks but I don't see any difference in the code between yours and mine.

For the second - This script is running in my test environment on my local PC. It is WinXP running IIS. In php.ini it says if 'upload_tmp_dir' is not defined, it will use the system default. On a PC, that default is probably \WINDOWS\TEMP\. But I have defined 'upload_tmp_dir' in my php.ini as I noted in my post and it is not using it. I don't know that is the cause of my problem though.

Share this post

Link to post
Share on other sites


Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.