Jump to content

Archived

This topic is now archived and is closed to further replies.

lpxxfaintxx

File Upload Error

Recommended Posts

I have

[code]<?php
include 'db.php';
$filename = str_replace(' ', '', $_FILES['userfile']['name']);
$tblw = strlen($filename);
$ext = substr($filename, $tblw-3, $tblw);
if ($ext == 'png' OR $ext == 'gif' OR $ext == 'jpg') {
   $idq = mysql_query("SELECT `id` FROM `files` ORDER BY `id` DESC LIMIT 1");
   $ida = mysql_fetch_assoc($idq);
   $id = $ida['id'] + 1;
   $uploaddir = $_SERVER["DOCUMENT"] . "/uploaded/";
   $uploadfile = $uploaddir . $id . "." . $ext;
   move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile);
   mysql_query("INSERT INTO `files` (`id`,`path`) VALUES('$id','$path')");
};
?>[/code]

and the MySQL runs successful, but the file doesnt get moved from the tmp folder.

View: [a href=\"http://www.starcraftarena.roxr.com/fusion/viewpage.php?page_id=1\" target=\"_blank\"]http://www.starcraftarena.roxr.com/fusion/...e.php?page_id=1[/a]

When you try to upload a file, it says [!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]Warning: move_uploaded_file(): open_basedir restriction in effect. File(/uploaded/1.gif) is not within the allowed path(s): (/home/lpxxfain/:/usr/lib/php:/usr/local/lib/php:/tmp) in /home/lpxxfain/public_html/fusion/upload.php on line 12[/quote].

Im thinking maybe its a setting on the server? Any ideas?

-Thanks

Share this post


Link to post
Share on other sites
In linux compatible file systems, / is the root directory. It seems you are trying to upload files to /upload/ and not a relative path on your server. I'd think you would want a location more like:

/home/lpxxfain/public_html/upload/

In which case

[code]define("HANDLE", "/home/lpxxfain/public_html/upload/");
$file = "$id.$ext";
move_uploaded_file($_FILES['userfile']['tmp_name'], HANDLE.$file;
[/code]

would be more useful.

To clarify a bit, from the error message, it seems you are trying to upload to the root directory which should only be accessible by the root user, if you could access that low in the directory tree, you could wipe the server clean quite easily.

Share this post


Link to post
Share on other sites
I did what you said

[code]<?php
include 'db.php';
$filename = str_replace(' ', '', $_FILES['userfile']['name']);
define("HANDLE", "/home/lpxxfain/public_html/upload/");
$file = "$id.$ext";
$tblw = strlen($filename);
$ext = substr($filename, $tblw-3, $tblw);
if ($ext == 'png' OR $ext == 'gif' OR $ext == 'jpg') {
   $idq = mysql_query("SELECT `id` FROM `files` ORDER BY `id` DESC LIMIT 1");
   $ida = mysql_fetch_assoc($idq);
   $id = $ida['id'] + 1;
   move_uploaded_file($_FILES['userfile']['tmp_name'], HANDLE.$file
   mysql_query("INSERT INTO `files` (`id`,`path`) VALUES('$id','$path')")
};
?>[/code]

but somethings wrong with the syntax..

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]Parse error: parse error, unexpected T_STRING in /home/lpxxfain/public_html/fusion/upload.php on line 13[/quote]

EDIT: nvm, got it working. Thanks, I love you ;)

Share this post


Link to post
Share on other sites
Hehe, glad it works.

The defined location is a matter of preference, you could just as easily put the path in where HANDLE is, nothing special in defining it. Generally speaking, if you are going to be uploading a number of things, it is convenient to define a location. There is a convenient PHP function that looks at picture formats, if you are interested! It saves the hassle of stripping off the extension, it is:

[a href=\"http://us3.php.net/exif_imagetype\" target=\"_blank\"]exif_imagetype()[/a] [php.net]

Share this post


Link to post
Share on other sites
Eh, I changed the code a little and what da ya know? More errors. :(

[code]<?php
include 'db.php';
$username = $userdata['user_name'];
$filename = str_replace(' ', '', $_FILES['userfile']['name']);
$tblw = strlen($filename);
$ext = substr($filename, $tblw-3, $tblw);k
$exts = array("png", "gif", "jpg");
if(in_array($exts, $ext)) {
   $idq = mysql_query("SELECT `id` FROM `files` ORDER BY `id` DESC LIMIT 1");
   $ida = mysql_fetch_assoc($idq);
   $id = $ida['id'] + 1;
   $uploaddir = '/home/lpxxfain/public_html/upload/ . $username';
   $uploadfile = $uploaddir . $id . "." . $ext;
   move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile);
   mysql_query("INSERT INTO `files` (`id`,`path`,`owner`) VALUES('$id','$path','$username)");
};
?>[/code]

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]
Parse error: parse error, unexpected T_VARIABLE in /home/lpxxfain/public_html/fusion/upload.php on line 7[/quote]

Anyone know whats wrong?

Share this post


Link to post
Share on other sites
What's wrong with line 7 is the orphan k at the end of line 6

Share this post


Link to post
Share on other sites
LOL...

Darn, I fixed the code but now the MySQL isn't recieveing the new data.

[code]<?php
include 'db.php';
$username = $userdata['user_name'];
$filename = str_replace(' ', '', $_FILES['userfile']['name']);
$tblw = strlen($filename);
$ext = substr($filename, $tblw-3, $tblw);
$exts = array("png", "gif", "jpg");
if ($ext == 'png' OR $ext == 'gif' OR $ext == 'jpg') {
   $idq = mysql_query("SELECT `id` FROM `files` ORDER BY `id` DESC LIMIT 1");
   $ida = mysql_fetch_assoc($idq);
   $id = $ida['id'] + 1;
   $uploaddir = '/home/lpxxfain/public_html/upload/';
   $path = '/home/lpxxfain/public_html/upload/'.$id;
   $uploadfile = $uploaddir . $id . "." . $ext;
   move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile);
   mysql_query("INSERT INTO `files` (`id`,`path`,`owner`) VALUES('$id','$path','$username)");
};
?>[/code]

Why is PHP so hard? So much syntax and stuff, AHH! Did I do anything wrong with the mysql_query?

Share this post


Link to post
Share on other sites
Remove the orphan ; after your closing curly brace }

Finding problems with MySQL queries is always easier if you two do things - echo the actual query to see what it really says (not necessarily the same as what you hope it says), and use mysql error reporting as well :)

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.