Jump to content

File Upload Error


lpxxfaintxx

Recommended Posts

I have

[code]<?php
include 'db.php';
$filename = str_replace(' ', '', $_FILES['userfile']['name']);
$tblw = strlen($filename);
$ext = substr($filename, $tblw-3, $tblw);
if ($ext == 'png' OR $ext == 'gif' OR $ext == 'jpg') {
   $idq = mysql_query("SELECT `id` FROM `files` ORDER BY `id` DESC LIMIT 1");
   $ida = mysql_fetch_assoc($idq);
   $id = $ida['id'] + 1;
   $uploaddir = $_SERVER["DOCUMENT"] . "/uploaded/";
   $uploadfile = $uploaddir . $id . "." . $ext;
   move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile);
   mysql_query("INSERT INTO `files` (`id`,`path`) VALUES('$id','$path')");
};
?>[/code]

and the MySQL runs successful, but the file doesnt get moved from the tmp folder.

View: [a href=\"http://www.starcraftarena.roxr.com/fusion/viewpage.php?page_id=1\" target=\"_blank\"]http://www.starcraftarena.roxr.com/fusion/...e.php?page_id=1[/a]

When you try to upload a file, it says [!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]Warning: move_uploaded_file(): open_basedir restriction in effect. File(/uploaded/1.gif) is not within the allowed path(s): (/home/lpxxfain/:/usr/lib/php:/usr/local/lib/php:/tmp) in /home/lpxxfain/public_html/fusion/upload.php on line 12[/quote].

Im thinking maybe its a setting on the server? Any ideas?

-Thanks
Link to comment
Share on other sites

In linux compatible file systems, / is the root directory. It seems you are trying to upload files to /upload/ and not a relative path on your server. I'd think you would want a location more like:

/home/lpxxfain/public_html/upload/

In which case

[code]define("HANDLE", "/home/lpxxfain/public_html/upload/");
$file = "$id.$ext";
move_uploaded_file($_FILES['userfile']['tmp_name'], HANDLE.$file;
[/code]

would be more useful.

To clarify a bit, from the error message, it seems you are trying to upload to the root directory which should only be accessible by the root user, if you could access that low in the directory tree, you could wipe the server clean quite easily.
Link to comment
Share on other sites

I did what you said

[code]<?php
include 'db.php';
$filename = str_replace(' ', '', $_FILES['userfile']['name']);
define("HANDLE", "/home/lpxxfain/public_html/upload/");
$file = "$id.$ext";
$tblw = strlen($filename);
$ext = substr($filename, $tblw-3, $tblw);
if ($ext == 'png' OR $ext == 'gif' OR $ext == 'jpg') {
   $idq = mysql_query("SELECT `id` FROM `files` ORDER BY `id` DESC LIMIT 1");
   $ida = mysql_fetch_assoc($idq);
   $id = $ida['id'] + 1;
   move_uploaded_file($_FILES['userfile']['tmp_name'], HANDLE.$file
   mysql_query("INSERT INTO `files` (`id`,`path`) VALUES('$id','$path')")
};
?>[/code]

but somethings wrong with the syntax..

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]Parse error: parse error, unexpected T_STRING in /home/lpxxfain/public_html/fusion/upload.php on line 13[/quote]

EDIT: nvm, got it working. Thanks, I love you ;)
Link to comment
Share on other sites

Hehe, glad it works.

The defined location is a matter of preference, you could just as easily put the path in where HANDLE is, nothing special in defining it. Generally speaking, if you are going to be uploading a number of things, it is convenient to define a location. There is a convenient PHP function that looks at picture formats, if you are interested! It saves the hassle of stripping off the extension, it is:

[a href=\"http://us3.php.net/exif_imagetype\" target=\"_blank\"]exif_imagetype()[/a] [php.net]
Link to comment
Share on other sites

Eh, I changed the code a little and what da ya know? More errors. :(

[code]<?php
include 'db.php';
$username = $userdata['user_name'];
$filename = str_replace(' ', '', $_FILES['userfile']['name']);
$tblw = strlen($filename);
$ext = substr($filename, $tblw-3, $tblw);k
$exts = array("png", "gif", "jpg");
if(in_array($exts, $ext)) {
   $idq = mysql_query("SELECT `id` FROM `files` ORDER BY `id` DESC LIMIT 1");
   $ida = mysql_fetch_assoc($idq);
   $id = $ida['id'] + 1;
   $uploaddir = '/home/lpxxfain/public_html/upload/ . $username';
   $uploadfile = $uploaddir . $id . "." . $ext;
   move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile);
   mysql_query("INSERT INTO `files` (`id`,`path`,`owner`) VALUES('$id','$path','$username)");
};
?>[/code]

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]
Parse error: parse error, unexpected T_VARIABLE in /home/lpxxfain/public_html/fusion/upload.php on line 7[/quote]

Anyone know whats wrong?
Link to comment
Share on other sites

LOL...

Darn, I fixed the code but now the MySQL isn't recieveing the new data.

[code]<?php
include 'db.php';
$username = $userdata['user_name'];
$filename = str_replace(' ', '', $_FILES['userfile']['name']);
$tblw = strlen($filename);
$ext = substr($filename, $tblw-3, $tblw);
$exts = array("png", "gif", "jpg");
if ($ext == 'png' OR $ext == 'gif' OR $ext == 'jpg') {
   $idq = mysql_query("SELECT `id` FROM `files` ORDER BY `id` DESC LIMIT 1");
   $ida = mysql_fetch_assoc($idq);
   $id = $ida['id'] + 1;
   $uploaddir = '/home/lpxxfain/public_html/upload/';
   $path = '/home/lpxxfain/public_html/upload/'.$id;
   $uploadfile = $uploaddir . $id . "." . $ext;
   move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile);
   mysql_query("INSERT INTO `files` (`id`,`path`,`owner`) VALUES('$id','$path','$username)");
};
?>[/code]

Why is PHP so hard? So much syntax and stuff, AHH! Did I do anything wrong with the mysql_query?
Link to comment
Share on other sites

Remove the orphan ; after your closing curly brace }

Finding problems with MySQL queries is always easier if you two do things - echo the actual query to see what it really says (not necessarily the same as what you hope it says), and use mysql error reporting as well :)
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.