File Upload Error

[lpxxfaintxx]

I have

[code]<?php
include 'db.php';
$filename = str_replace(' ', '', $_FILES['userfile']['name']);
$tblw = strlen($filename);
$ext = substr($filename, $tblw-3, $tblw);
if ($ext == 'png' OR $ext == 'gif' OR $ext == 'jpg') {
   $idq = mysql_query("SELECT `id` FROM `files` ORDER BY `id` DESC LIMIT 1");
   $ida = mysql_fetch_assoc($idq);
   $id = $ida['id'] + 1;
   $uploaddir = $_SERVER["DOCUMENT"] . "/uploaded/";
   $uploadfile = $uploaddir . $id . "." . $ext;
   move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile);
   mysql_query("INSERT INTO `files` (`id`,`path`) VALUES('$id','$path')");
};
?>[/code]

and the MySQL runs successful, but the file doesnt get moved from the tmp folder.

View: [a href=\"http://www.starcraftarena.roxr.com/fusion/viewpage.php?page_id=1\" target=\"_blank\"]http://www.starcraftarena.roxr.com/fusion/...e.php?page_id=1[/a]

When you try to upload a file, it says [!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]Warning: move_uploaded_file(): open_basedir restriction in effect. File(/uploaded/1.gif) is not within the allowed path(s): (/home/lpxxfain/:/usr/lib/php:/usr/local/lib/php:/tmp) in /home/lpxxfain/public_html/fusion/upload.php on line 12[/quote].

Im thinking maybe its a setting on the server? Any ideas?

-Thanks

[k.soule]

In linux compatible file systems, / is the root directory. It seems you are trying to upload files to /upload/ and not a relative path on your server. I'd think you would want a location more like:

/home/lpxxfain/public_html/upload/

In which case

[code]define("HANDLE", "/home/lpxxfain/public_html/upload/");
$file = "$id.$ext";
move_uploaded_file($_FILES['userfile']['tmp_name'], HANDLE.$file;
[/code]

would be more useful.

To clarify a bit, from the error message, it seems you are trying to upload to the root directory which should only be accessible by the root user, if you could access that low in the directory tree, you could wipe the server clean quite easily.

[lpxxfaintxx]

I did what you said

[code]<?php
include 'db.php';
$filename = str_replace(' ', '', $_FILES['userfile']['name']);
define("HANDLE", "/home/lpxxfain/public_html/upload/");
$file = "$id.$ext";
$tblw = strlen($filename);
$ext = substr($filename, $tblw-3, $tblw);
if ($ext == 'png' OR $ext == 'gif' OR $ext == 'jpg') {
   $idq = mysql_query("SELECT `id` FROM `files` ORDER BY `id` DESC LIMIT 1");
   $ida = mysql_fetch_assoc($idq);
   $id = $ida['id'] + 1;
   move_uploaded_file($_FILES['userfile']['tmp_name'], HANDLE.$file
   mysql_query("INSERT INTO `files` (`id`,`path`) VALUES('$id','$path')")
};
?>[/code]

but somethings wrong with the syntax..

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]Parse error: parse error, unexpected T_STRING in /home/lpxxfain/public_html/fusion/upload.php on line 13[/quote]

EDIT: nvm, got it working. Thanks, I love you ;)

[k.soule]

Hehe, glad it works.

The defined location is a matter of preference, you could just as easily put the path in where HANDLE is, nothing special in defining it. Generally speaking, if you are going to be uploading a number of things, it is convenient to define a location. There is a convenient PHP function that looks at picture formats, if you are interested! It saves the hassle of stripping off the extension, it is:

[a href=\"http://us3.php.net/exif_imagetype\" target=\"_blank\"]exif_imagetype()[/a] [php.net]

[lpxxfaintxx]

Eh, I changed the code a little and what da ya know? More errors. :(

[code]<?php
include 'db.php';
$username = $userdata['user_name'];
$filename = str_replace(' ', '', $_FILES['userfile']['name']);
$tblw = strlen($filename);
$ext = substr($filename, $tblw-3, $tblw);k
$exts = array("png", "gif", "jpg");
if(in_array($exts, $ext)) {
   $idq = mysql_query("SELECT `id` FROM `files` ORDER BY `id` DESC LIMIT 1");
   $ida = mysql_fetch_assoc($idq);
   $id = $ida['id'] + 1;
   $uploaddir = '/home/lpxxfain/public_html/upload/ . $username';
   $uploadfile = $uploaddir . $id . "." . $ext;
   move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile);
   mysql_query("INSERT INTO `files` (`id`,`path`,`owner`) VALUES('$id','$path','$username)");
};
?>[/code]

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]
Parse error: parse error, unexpected T_VARIABLE in /home/lpxxfain/public_html/fusion/upload.php on line 7[/quote]

Anyone know whats wrong?

[lpxxfaintxx]

I also tried taking the IF out, but the whole script doesnt work..

[AndyB]

What's wrong with line 7 is the orphan k at the end of line 6

[lpxxfaintxx]

LOL...

Darn, I fixed the code but now the MySQL isn't recieveing the new data.

[code]<?php
include 'db.php';
$username = $userdata['user_name'];
$filename = str_replace(' ', '', $_FILES['userfile']['name']);
$tblw = strlen($filename);
$ext = substr($filename, $tblw-3, $tblw);
$exts = array("png", "gif", "jpg");
if ($ext == 'png' OR $ext == 'gif' OR $ext == 'jpg') {
   $idq = mysql_query("SELECT `id` FROM `files` ORDER BY `id` DESC LIMIT 1");
   $ida = mysql_fetch_assoc($idq);
   $id = $ida['id'] + 1;
   $uploaddir = '/home/lpxxfain/public_html/upload/';
   $path = '/home/lpxxfain/public_html/upload/'.$id;
   $uploadfile = $uploaddir . $id . "." . $ext;
   move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile);
   mysql_query("INSERT INTO `files` (`id`,`path`,`owner`) VALUES('$id','$path','$username)");
};
?>[/code]

Why is PHP so hard? So much syntax and stuff, AHH! Did I do anything wrong with the mysql_query?

[AndyB]

Remove the orphan ; after your closing curly brace }

Finding problems with MySQL queries is always easier if you two do things - echo the actual query to see what it really says (not necessarily the same as what you hope it says), and use mysql error reporting as well :)