PHP and mysql question

Question

hello everyone i'm having some problem ... question is i want to get the information from a form and save it in database the data is (comment, uploading pictures and email) when i did it it gave a warning

the code

// move file from temp location on server to your uploads folder
  move_uploaded_file($F1["tmp_name"], "Uploads/$F1[name]");
  print "Stored in: Uploads/$F1[name]";


// save location of upload to text file uploads.txt for later use

$datafile = fopen("uploads.txt","a");
flock($datafile,1);
fwrite($datafile, "Uploads/$F1[name]\n");
flock($datafile,3);
fclose($datafile);




// divide size by 1024 to get it in KB
/*  if ($F1["size"] / 1024 > 50) {
    print "Your gif file is too large! Less that 50KB please!";
    exit(0);
  }*/

 if (!(IsSet($_FILE["fname"]))) {




  $query="insert into guestbook (comments, email, img,display) values
  ('$_POST[comments]','$_POST[email]','some address  ', '0')";}

else

$query="insert into guestbook (comments, email, img, display) values
  ('$_POST[comments]','$_POST[email]','some addres', '$_POST[0]')";

the warning i got is

Warning: move_uploaded_file(Uploads/holder.jpg): failed to open stream: No such file or directory in (address) on line 48

Warning: move_uploaded_file(): Unable to move '/tmp/php4OAZMC' to 'Uploads/holder.jpg' in (some address) on line 48 Stored in: Uploads/holder.jpg

how can i fix it ?

thanks in advance

Answer 1

I think it needs an absolute path for the file to be saved to, not a relative to the script location, ie

/home/meme/www/example.com/Uploads/

Also, check your permissions for the Upload directory. Also another little tip that'll save your bacon in the future- keep directory and filenames in lower case; then you won't get bitten in the bottom sometime in the future when your code is looking for a file or directory that doesn't exist because your filesystem is case sensitive!

Answer 2

Does the Uploads/ folder already exist? If not, trying creating it first. That might be causing the error.

Also, its a good idea to check if move_uploaded_file() worked or not. It returns true if it worked, and false if not.

Also, as already mentioned, try using an absolute path as well.

Reference

Answer 3

You should also ensure that your Uploads folder has it's permissions set correctly - For testing purposes, chmod the Uploads folder to 777 using your favourite FTP client.

Make sure that when you're ready to put your upload into practice you ensure you secure the folder properly (ensure not just anyone can write to it) and make sure you put filters in place for the file types.

Answer 4

1. Check to insure the path to move to exists, and your webserver process has rights to write to it.

2. Your insert query is a gaping security hole just waiting for a SQL injection. You can use the following to reduce the likelihood of getting hacked:

   $comments = mysql_real_escape_string($_POST['comments']); $email = mysql_real_escape_string($_POST['email']); $query="insert into guestbook (comments, email, img, display) values ('{$comments}','{$email}','some address ', '0')";