Jump to content

Recommended Posts

Hello I am using the code:

<?php
if ($_FILES["file"]["error"] > 0) {
  echo "Error: " . $_FILES["file"]["error"] . "<br>";
} else {
  echo "Upload: " . $_FILES["file"]["name"] . "<br>";
  echo "Type: " . $_FILES["file"]["type"] . "<br>";
  echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
  echo "Stored in: " . $_FILES["file"]["tmp_name"];
}
 
 
 
if ( ($_FILES["file"]["size"] < 25000)
) {
  if ($_FILES["file"]["error"] > 0) {
    echo "Error: " . $_FILES["file"]["error"] . "<br>";
  } else {
    echo "Upload: " . $_FILES["file"]["name"] . "<br>";
    echo "Type: " . $_FILES["file"]["type"] . "<br>";
    echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
    echo "Stored in: " . $_FILES["file"]["tmp_name"];
  }
} else {
  echo "Invalid file";
}
 
echo "<br>".'2'."<br>";
 
 
if (($_FILES["file"]["size"] < 25000)
) {
  if ($_FILES["file"]["error"] > 0) {
    echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
  } else {
    echo "Upload: " . $_FILES["file"]["name"] . "<br>";
    echo "Type: " . $_FILES["file"]["type"] . "<br>";
    echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
    echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
    if (file_exists("upload/" . $_FILES["file"]["name"])) {
      echo $_FILES["file"]["name"] . " already exists. ";
    } else {
     $success= move_uploaded_file($_FILES["file"]["tmp_name"],  $_FILES["file"]["name"]);
 if($success){
      echo "success Stored in: " . $_FILES["file"]["name"];
 }
    }
  }
} else {
  echo "Invalid file";
}
?>
This is properly working on my local host but not working on the server which I am using
this line  $success= move_uploaded_file($_FILES["file"]["tmp_name"],  $_FILES["file"]["name"]); is not working 
kindly help me thanks

Wherever you got this terrible code from, you need to take it offline immediately. This allows anybody to upload and potentially execute malicious code on your server. Or to put it in other words: Once this runs, you'll be “hacked” in no time.

 

File uploads are very critical, and you absolutely must understand the risks and how to deal with them. Turn on your brain, do a Google search and then carefully write your own code. Do not copy and paste stuff you found somewhere on the Internet.

 

To name just a few things you need to take care of:

  • You have to choose the filename (including extension), not the user! Do not store the file under the user-provided filename, because this allows an attacker to place malicious scripts on your server, overwrite existing files or block your entire service by using up all common filenames.
  • The filename must be unique. No, you cannot use file_exists(). This doesn't work with simultaneous uploads, and it will quickly make your upload feature unusable due to name collisions. If I upload a file name “vacation.jpg”, does that mean nobody will ever be able to use that name? That's hardly acceptable. To achieve unique filenames, you must either use an AUTO_INCREMENT column from the database or generate a purely random name.
  • You need to restrict the file types. Is this an image uploader? Then only accept image types.
  • If possible, serve the uploaded files from a different domain so that JavaScript attacks will be less harmful.
  • ...

Sorry for being a bit harsh, but you were about to commit virtual suicide.

Basically it seems you do not have write Access to the target Folder on the Server by the code.

You Need to CHMOD the Folder to 777 or min. that Kind that you have write Access to it.

Do it by the FTP Client, hopefully it supports it. (e.g. WS-FTP is able to)

 

Another thematic is the code as told in the other reply. But it is not the reason for the not running

move. The difference is, as i can see, in the Access rights for the Folder.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.