$_FILES error on tmp_name

[jkkenzie]

Hello!

When i

print_r($_FILES['attachment']);

I get:

Array ( [name] => FormC1.pdf [type] => application/pdf [tmp_name] => /tmp/phpa4lt0I [error] => 0 => 23051 )

 

there is an error on temp_name,

I want to get the FILE PATH as string so as i can supply it to a variable, which i use on email function.

 

thanks in advance.

[jkkenzie]

Sorry guys, there is no error, i figured i can join like this

$_FILES['attachment']['tmp_name']."/".$_FILES['attachment']['name']

to get a string of thew file path.

 

Am i right?

[Christian F.]

HTML browsers like to strip the whitespace from the source, and show it as a single space. So the proper output of the print_r () statement is:

Array (
    [name] => FormC1.pdf
    [type] => application/pdf
    [tmp_name] => /tmp/phpa4lt0I
    [error] => 0
    [size] => 23051
)

 

As you can see, there are no errors here. With the value for the error index being 0.

However, you are incorrect in your assumption on how to get the file path. I recommend that you read through the PHP manual for file uploads, as it will teach you how to do this.

 

PS: Remember to validate input and escape output, otherwise you'll be open for attackers to overwrite any file on your server.

 

[jkkenzie]

Thanks , kind of need somewhere to learn how to escape output, i hope validating means checking if its the right type of file allowed for upload..

[Christian F.]

Here's a couple of articles that helps explain the two terms, and how to accomplish them:

http://msmvps.com/blogs/alunj/archive/2010/05/31/1771098.aspx

http://en.wikipedia.org/wiki/Secure_input_and_output_handling

 

A very detailed guide:

https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet