$_GET

[Schlo_50]

Hi Guys,

 

Just a quick one. I am trying to pass a string from a text field in a form on one page (a.php) to another page (b.php) via the URL. I have managed to get the string to the other page but cannot get assign it to a variable for use in my upload script. I know the string is getting to b.php as i can print out the string.

 

if(isset($_POST['Submit_a'])){
$ref = $_GET['ref']; 
      $destination_file = "clients/".$ref."/".$myFileName."";
}

 

The problem is that once the upload form is submitted $destination_file doesn't upload the file to clients/$ref/ folder on ftp. Instead it uploads the file to clients/ ignoring $ref.

 

Any ideas?

[revraz]

echo $destination_file

 

what does it contain?

[Schlo_50]

clients//doc.jpg

 

where for example it should say clients/folder/doc.jpg

 

b.php

<?php
session_start();

print $_GET['ref'];
$ref = $_GET['ref'];  		
if(isset($_POST['Submit_a'])){
      $myFile = $_FILES['file_ftp']; 
      $file = $myFile['tmp_name'];  
  $max_size = "314572800";     //Max filesize in bytes. (Set to 300MB)

      $myFileName = basename($_POST['fileName']); //Retrieve filename out of file path

      $destination_file = "clients/".$ref."/".$myFileName."";  //webserver path 
  print $destination_file;
      // connection settings
      $ftp_server = "121.5";  //Address of ftp server. (Could also be )
      $ftp_user_name = "user"; // Username
      $ftp_user_pass = "pass";   // Password

      $conn_id = ftp_connect($ftp_server);        // set up connection
      $login_result = ftp_login($conn_id, $ftp_user_name, $ftp_user_pass) or die("You do not have access to this ftp server!");   
  
      if ((!$conn_id) || (!$login_result)) {  // check connection
           
             print "FTP connection has failed! <br />";
             exit;
         } 
  
  if($_FILES['file_ftp']['size'] > $max_size)
 {
print "Your selected file is too large. You are only permitted to upload files 300MB in size.<br />Your file was <strong>".$_FILES['file_ftp']['size']."</strong> bytes in size.";
 exit;
	  }

      $upload = ftp_put($conn_id, $destination_file, $file, FTP_BINARY);  // upload the file
      if (!$upload) {  // check upload status
         print "Your file upload has been unsuccessful.<br />Failed File: <strong>$myFileName</strong><br />";
      } else {
         print "Your file has uploaded to successfully!<br />Your File: <strong>$myFileName</strong><br />Size: <strong>".$_FILES['file_ftp']['size']."</strong> bytes";
      }

      ftp_close($conn_id); // close
  }
?>

 

Thanks

[discomatt]

NEVER EVER EVER EVER upload a file based entirely on user input.

 

Your best bet is to do something like this

 

call the page like this page.php?ref=3

 

then use

 

$folders = array ('thisfolder', 'thatfolder', 'anotherfolder', 'lastfolder')

if (!is_numeric($_GET['ref']) || $_GET['ref'] > count($folders)-1)

  echo 'Invalid input';

else

  $destination_file = "clients/".$folders[$_GET['ref']]."/".$myFileName."";

 

Imagine if someone called your page like so

 

page.php?ref=../../../some/important/folder/

 

Just not good coding practice.

[revraz]

Lets see the URL that is being passed.

[Schlo_50]

http://address/folder/b.php?ref=foldername

[cooldude832]

I still don't see this working as you don't move the file from the temp location to the $destination_file meaning when u go to ftp you are ftping a location undefined technically

[revraz]

Does

print $_GET['ref'];

 

show foldername?

 

If not, what version of PHP are you using?

[Schlo_50]

The upload form is actually on b.php

 

The only ting im passing from a.php is a string which the user types in. The string is the name of the folder they are uploading to.

[Schlo_50]

Yes,

 

 

print $_GET['ref']; does output the foldername.