Cant upload a file using PHP?
Question
Can you anyone look at my code? People can click the upload button to upload some file and the code should move it to a new location and save it. I tested it by uploading a image file and I cant find that file in the folder I specified. I am certain the directory is correct because I used directory is folder and it can lead to the folder I want it to be in. Because the dir below has my name, I used "1" instead. Thank you in advance!
I changed the code according to answer but it is still giving me back error: Warning: move_uploaded_file(/Users/angeloliao/Documents/Screen.tiff): failed to open stream: Permission denied in /usr/local/zend/apache2/htdocs/JuvoliciousProductViewer/5.php on line 16
Warning: move_uploaded_file(): Unable to move '/usr/local/zend/tmp/phpdfCRD3' to '/Users/angeloliao/Documents/Screen.tiff' in /usr/local/zend/apache2/htdocs/JuvoliciousProductViewer/5.php on line 16
I tried to change the folder's permission using the following command on terminal: sudo chown -R 0755 /Users/angeloliao/Documents. It ran.
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<form enctype="multipart/form-data" method="POST">
<input type="file" name="file" />
<input type="submit" name="submit" value="upload" />
</form>
<?php
if ($_FILES) {
$name = $_FILES['file']['name'];
$temp = $_FILES['file']['tmp_name'];
$dir = "/Users/angeloliao/Documents/";
if (move_uploaded_file($temp,$dir.$name)) {
echo "File is valid, and was successfully uploaded.\n";
}
} else {
echo "Possible file upload attack!\n";
}
?>
</html>
2 answers
solution1
3 2014-07-10 23:48:22
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<form enctype="multipart/form-data" method="POST">
<input type="file" name="file" />
<input type="submit" name="submit" value="upload" />
</form>
<?php
$name = $_FILES['file']['name'];
$temp = $_FILES['file']['tmp_name'];
$dir = "/Users/1/Documents/";
move_uploaded_file($temp,$dir.$name);
?>
</body>
Should be a _ not + and the directory should be "Documents/" WITH a slash
solution2
0 2014-07-11 00:04:56
As per the PHP documentation , the temporary name is found in $_FILES['file']['tmp_name'] not $_FILES['file']['tmp+name'] . Also, do a var_dump() of $dir.$name . If the file you uploaded is "image.jpg" then it would be /Users/1/Documentsimage.jpg . Notice the missing slash.
Changing this will make your code work, but it still doesn't handle all possible errors nor is it secure! Uploads can fail. If they do, you will find an error code ( the docs has a reference that lists them all ) in $_FILES['file']['error'] . You should check that the uploaded succeeded before moving the temporary file (and you should also only execute the move command if the form has been submitted).
In addition, it is not secure to use the name provided by the uploader. Consider if the $_FILE['file']['name'] was ../../../usr/local/bin/php . Then the uploader could replace your PHP interpreter with a malicious executable. This is dangerous! Never trust user input! In this case, the best practice is to randomly generate a filename which is not dependent on the original filename (ie. don't just hash the provided filename, because what if two people upload a file with a same name?).
if($_POST['submit'] === 'upload') { // only process form if it has been submitted
if($_FILES['file']['error'] !== UPLOAD_ERR_OK) {
exit('There was an error uploading your file');
}
$uploads_dir = '/Users/1/Documents/';
$upload_name = sha1(mt_rand().microtime(true)); // you should actually pick
// something more unique
// (collisions are possible)
move_uploaded_file($FILES['file']['tmp_name'], $uploads_dir . $upload_name);
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.