lpxxfaintxx Posted March 9, 2006 Share Posted March 9, 2006 I have [code]<?phpinclude 'db.php';$filename = str_replace(' ', '', $_FILES['userfile']['name']);$tblw = strlen($filename);$ext = substr($filename, $tblw-3, $tblw);if ($ext == 'png' OR $ext == 'gif' OR $ext == 'jpg') { $idq = mysql_query("SELECT `id` FROM `files` ORDER BY `id` DESC LIMIT 1"); $ida = mysql_fetch_assoc($idq); $id = $ida['id'] + 1; $uploaddir = $_SERVER["DOCUMENT"] . "/uploaded/"; $uploadfile = $uploaddir . $id . "." . $ext; move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile); mysql_query("INSERT INTO `files` (`id`,`path`) VALUES('$id','$path')");};?>[/code]and the MySQL runs successful, but the file doesnt get moved from the tmp folder.View: [a href=\"http://www.starcraftarena.roxr.com/fusion/viewpage.php?page_id=1\" target=\"_blank\"]http://www.starcraftarena.roxr.com/fusion/...e.php?page_id=1[/a]When you try to upload a file, it says [!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]Warning: move_uploaded_file(): open_basedir restriction in effect. File(/uploaded/1.gif) is not within the allowed path(s): (/home/lpxxfain/:/usr/lib/php:/usr/local/lib/php:/tmp) in /home/lpxxfain/public_html/fusion/upload.php on line 12[/quote].Im thinking maybe its a setting on the server? Any ideas?-Thanks Quote Link to comment Share on other sites More sharing options...
k.soule Posted March 10, 2006 Share Posted March 10, 2006 In linux compatible file systems, / is the root directory. It seems you are trying to upload files to /upload/ and not a relative path on your server. I'd think you would want a location more like:/home/lpxxfain/public_html/upload/In which case[code]define("HANDLE", "/home/lpxxfain/public_html/upload/");$file = "$id.$ext";move_uploaded_file($_FILES['userfile']['tmp_name'], HANDLE.$file;[/code]would be more useful.To clarify a bit, from the error message, it seems you are trying to upload to the root directory which should only be accessible by the root user, if you could access that low in the directory tree, you could wipe the server clean quite easily. Quote Link to comment Share on other sites More sharing options...
lpxxfaintxx Posted March 10, 2006 Author Share Posted March 10, 2006 I did what you said[code]<?phpinclude 'db.php';$filename = str_replace(' ', '', $_FILES['userfile']['name']);define("HANDLE", "/home/lpxxfain/public_html/upload/");$file = "$id.$ext";$tblw = strlen($filename);$ext = substr($filename, $tblw-3, $tblw);if ($ext == 'png' OR $ext == 'gif' OR $ext == 'jpg') { $idq = mysql_query("SELECT `id` FROM `files` ORDER BY `id` DESC LIMIT 1"); $ida = mysql_fetch_assoc($idq); $id = $ida['id'] + 1; move_uploaded_file($_FILES['userfile']['tmp_name'], HANDLE.$file mysql_query("INSERT INTO `files` (`id`,`path`) VALUES('$id','$path')")};?>[/code]but somethings wrong with the syntax.. [!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]Parse error: parse error, unexpected T_STRING in /home/lpxxfain/public_html/fusion/upload.php on line 13[/quote]EDIT: nvm, got it working. Thanks, I love you ;) Quote Link to comment Share on other sites More sharing options...
k.soule Posted March 10, 2006 Share Posted March 10, 2006 Hehe, glad it works.The defined location is a matter of preference, you could just as easily put the path in where HANDLE is, nothing special in defining it. Generally speaking, if you are going to be uploading a number of things, it is convenient to define a location. There is a convenient PHP function that looks at picture formats, if you are interested! It saves the hassle of stripping off the extension, it is:[a href=\"http://us3.php.net/exif_imagetype\" target=\"_blank\"]exif_imagetype()[/a] [php.net] Quote Link to comment Share on other sites More sharing options...
lpxxfaintxx Posted March 11, 2006 Author Share Posted March 11, 2006 Eh, I changed the code a little and what da ya know? More errors. :([code]<?phpinclude 'db.php';$username = $userdata['user_name'];$filename = str_replace(' ', '', $_FILES['userfile']['name']);$tblw = strlen($filename);$ext = substr($filename, $tblw-3, $tblw);k$exts = array("png", "gif", "jpg");if(in_array($exts, $ext)) { $idq = mysql_query("SELECT `id` FROM `files` ORDER BY `id` DESC LIMIT 1"); $ida = mysql_fetch_assoc($idq); $id = $ida['id'] + 1; $uploaddir = '/home/lpxxfain/public_html/upload/ . $username'; $uploadfile = $uploaddir . $id . "." . $ext; move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile); mysql_query("INSERT INTO `files` (`id`,`path`,`owner`) VALUES('$id','$path','$username)");};?>[/code][!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]Parse error: parse error, unexpected T_VARIABLE in /home/lpxxfain/public_html/fusion/upload.php on line 7[/quote]Anyone know whats wrong? Quote Link to comment Share on other sites More sharing options...
lpxxfaintxx Posted March 11, 2006 Author Share Posted March 11, 2006 I also tried taking the IF out, but the whole script doesnt work.. Quote Link to comment Share on other sites More sharing options...
AndyB Posted March 11, 2006 Share Posted March 11, 2006 What's wrong with line 7 is the orphan k at the end of line 6 Quote Link to comment Share on other sites More sharing options...
lpxxfaintxx Posted March 11, 2006 Author Share Posted March 11, 2006 LOL...Darn, I fixed the code but now the MySQL isn't recieveing the new data.[code]<?phpinclude 'db.php';$username = $userdata['user_name'];$filename = str_replace(' ', '', $_FILES['userfile']['name']);$tblw = strlen($filename);$ext = substr($filename, $tblw-3, $tblw);$exts = array("png", "gif", "jpg");if ($ext == 'png' OR $ext == 'gif' OR $ext == 'jpg') { $idq = mysql_query("SELECT `id` FROM `files` ORDER BY `id` DESC LIMIT 1"); $ida = mysql_fetch_assoc($idq); $id = $ida['id'] + 1; $uploaddir = '/home/lpxxfain/public_html/upload/'; $path = '/home/lpxxfain/public_html/upload/'.$id; $uploadfile = $uploaddir . $id . "." . $ext; move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile); mysql_query("INSERT INTO `files` (`id`,`path`,`owner`) VALUES('$id','$path','$username)");};?>[/code]Why is PHP so hard? So much syntax and stuff, AHH! Did I do anything wrong with the mysql_query? Quote Link to comment Share on other sites More sharing options...
AndyB Posted March 11, 2006 Share Posted March 11, 2006 Remove the orphan ; after your closing curly brace }Finding problems with MySQL queries is always easier if you two do things - echo the actual query to see what it really says (not necessarily the same as what you hope it says), and use mysql error reporting as well :) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.