Answer the question
In order to leave comments, you need to log in
H
H
herfleisch2012-12-23 14:00:03
herfleisch, 2012-12-23 14:00:03
File upload to server in PHP
Hello.
I'm not very strong in PHP, but after scrolling through a few pages of Google, I realized that my situation is not typical.
I need to upload a file to the server using a script. To do this, I found a very simple html file on the Internet:
<html>
<body>
<form action="upload.php" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file"><br>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
and the same simple script:
<?php
$allowedExts = array("jpg", "jpeg", "gif", "png");
$extension = end(explode(".", $_FILES["file"]["name"]));
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/png")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000)
&& in_array($extension, $allowedExts))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br>";
echo "Type: " . $_FILES["file"]["type"] . "<br>";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
if (file_exists("upload/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"upload/" . $_FILES["file"]["name"]);
echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
}
}
}
else
{
echo "Invalid file<br />";
print_r($_FILES);
}
?>
As expected, the file does not load. The whole problem is that $_FILES["file"]["error"] contains nothing. After "loading" the $_FILES array looks like this:
Array ( [file] => Array ( [name] => avatar-95x95.jpg ) )
in php.ini:
post_max_size = 8M
file_uploads = On
upload_max_filesize = 2M
, etc., everything is generally taken into account and everything is set as needed.
The picture I upload is a normal JPEG, with the jpg extension. However, even when I generally remove all these checks for the file type, the same thing happens anyway. Tried on different browsers. The script is running on my instance on amazon aws ec2 running SuSE Linux, Apache2.
7 answer(s)
@herfleisch
@decameron
2.
@melkij
@KEKSOV
@BeLove
K
KEKSOV, 2012-12-23 @herfleisch
And, everything is clear , you need to change the version of PHP. You just have buggy 5.3.8 installed
A
Anatol Pohorilyi, 2012-12-23 @decameron
I ran your example. everything is working.
The only thing I had to change:
1. increase the size limit
$_FILES["file"]["size"] < 200002.
$extension = strtolower(end(explode(".", $_FILES["file"]["name"])));M
Melkij, 2012-12-23 @melkij
Have a look at phpinfo() to see if you are looking at the correct php.ini and if the new settings are loaded.
K
KEKSOV, 2012-12-23 @KEKSOV
1. Is the file exactly less than 2M?
2. Does the web server have write access to /tmp?
S
Sergey Belov, 2012-12-24 @BeLove
Never, ever trust $_FILES["file"]["type"] as it means absolutely nothing. This data comes from an HTTP request, which is easy to fake. Check the MIME type of the file when it is already local (php-libs or even `file - ib image.jpg`.
But even then, it’s not a fact that what you defined is there. Headers can also be faked, and put php inside -the code.
Similar questions
S
B
V
P
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question