#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2012
    Posts
    3
    Rep Power
    0

    Help with move_uploaded_file


    No matter what I seem to try I am unable to get the image to upload to my server on 1and1. I am really struggling to see the problem so any help would be most welcome. Below is my php.ini
    Code:
    register_globals = 0 
    allow_url_fopen = 1 
    session.bug_compat_warn = 0 
    memory_limit = 128M 
    max_execution_time=3600 
    post_max_size = 128M 
    ; Whether to allow HTTP file uploads. ; http://php.net/file-uploads 
    file_uploads = On 
    ; Temporary directory for HTTP uploaded files (will use system default if not ; specified). ; 
    http://php.net/upload-tmp-dir 
    upload_tmp_dir = "temp" 
    ; Maximum allowed size for uploaded files. ; http://php.net/upload-max-filesize 
    upload_max_filesize = "20000000M" 
    ; Maximum number of files that can be uploaded via a single request 
    max_file_uploads = 20
    And this is the PHP upload script. Any help would be hugely appreciated:

    PHP Code:
    <?php
     
    include ('connection.php');

    session_start(); 


    $sql "INSERT INTO articles VALUES
     (NULL,'"
    .$_POST['title']."',CURDATE(), '".$_SESSION['ID']."','Images/".$_POST['previewImage']."',
     '"
    .$_POST['preview']."', '".$_POST['video']."', '".$_POST['content']."',
     '"
    .$_POST['additionalInformation']."', '".$_POST['type']."')";

                        
    $moveto "Images/{$_FILES['previewImage'] ['name']}";
                         
    $movetemp "temp/{$_FILES['previewImage'] ['name']}";
                        
    chmod($moveto,0777);
                        
    chmod($movetemp,0777);
                        
    move_uploaded_file($_FILES['previewImage'] ['tmp_name'], $moveto);
                        
    mysql_query($sql,$conn);
                        
    header("Location: index.php");
     
            
    ?>
    Many thanks for your time
  2. #2
  3. Confused badger
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Mar 2009
    Location
    West Yorkshire
    Posts
    1,112
    Rep Power
    487
    smartroadster22,
    I'm sure that someone else will say it if I don't but you should NEVER EVER EVER EVER write $_POST or $_GET variables directly into your SQL!!! Never. Ever. Never ever.

    ALWAYS parse them beforehand with either an approriate function (mysql_real_escape_string for example) or use PDO etc.

    If you don't, someone WILL crack your system wide open.

    Anyway, let's start with the basics, does the record get put into the Database? Can you monitor the temp folder to see if it gets that far? Does the wwwrun user (or whoever is serving the webpages) have write access to the temp and final destination folder?

    have you tried to use the full path to the destination folder; for example

    "/my/server/www/target"

    instead of

    "target"

    I notice you're trying a chmod of the target folder but again, if the user that's running the website doesn't have sufficient access, then it won't do that either (I don't think that it would stop the script which may make it look like it's working).

    Set the permissions by hand on your control panel and then re-try.
    "For if leisure and security were enjoyed by all alike, the great mass of human beings who are normally stupefied by poverty would become literate and would learn to think for themselves; and when once they had done this, they would sooner or later realise that the privileged minority had no function and they would sweep it away"
    - George Orwell, 1984
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2012
    Posts
    3
    Rep Power
    0
    Thanks badger_fruit for your reply,

    The record does indeed enter the database, it doesn't even get to the temp folder, I have tried using the full directory too. I have changed the folder permissions to 777, would this allow the wwwrun user to access them?
  6. #4
  7. Confused badger
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Mar 2009
    Location
    West Yorkshire
    Posts
    1,112
    Rep Power
    487
    Originally Posted by smartroadster22
    Thanks badger_fruit for your reply,

    The record does indeed enter the database, it doesn't even get to the temp folder, I have tried using the full directory too. I have changed the folder permissions to 777, would this allow the wwwrun user to access them?
    How very odd; yes 777 does give R, W and X permissions to Owning User, Group and World - it's bad karma to do that but I'll hold my hand up to setting certain folders that way during testing/development.
    Well, everything seems to be OK on what I've seen BUT I'd check your FORM to be certain that it's written correctly:-

    PHP Code:
    echo "<form method='post' enctype='multipart/form-data'>";
    ... 
    form goes here ...
    echo 
    "</form>"
    On your processing page, perhaps you can try to echo some variables to help debug:-

    PHP Code:
    echo "Upload: " $_FILES["file"]["name"] . "<br />";
    echo 
    "Type: " $_FILES["file"]["type"] . "<br />";
    echo 
    "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
    echo 
    "Temp file: " $_FILES["file"]["tmp_name"] . "<br />"
    I have copied/pasted some upload code of mine which you can try modifying to see if that works, it's got some echos to help me identify what's happening as it goes ... that might help you with your upload problem (it might not as well but worth a try as this is known-working code).

    PHP Code:
        if ($_FILES["file"]["error"] > 0) {
            echo 
    "Return Code: " $_FILES["file"]["error"] . "<br />";
        } else {
            echo 
    "No return code! File is OK!<br>";
            
    $base_attachment_folder "/my/full/path/attachments";
            
    $target_folder_for_new_file "{$base_attachment_folder}/{$record_id}";

            
    // Check if "$target_folder_for_new_file" exists, if not, create!
            
    if (!file_exists("{$target_folder_for_new_file}/")) { exec ("mkdir {$target_folder_for_new_file}"$output); }
            echo 
    "Checked (and created if necessary) the target folder ... <br>";

            if (
    file_exists($target_folder_for_new_file "/" $_FILES["file"]["name"])) {
                echo 
    "The file you are trying to upload already exists";
            } else {
                
    $temp_name $_FILES["file"]["tmp_name"];
                
    $name $_FILES["file"]["name"];
                echo 
    "The destination file does not exist; moving from temp folder ({$temp_name}) into the target folder ({$target_folder_for_new_file}) as new name \"{$name}\" ... <br>";

                
    $upload_status move_uploaded_file($temp_name,"$target_folder_for_new_file/$name");

                if (
    $upload_status==1) {
                    echo 
    "Move completed OK; updating Database ... <br>";
                    
    // I've removed my DB update code and page-redirect but anything that's written here will only be done if all is OK!
                
    } else {
                    echo 
    "Something went wrong with the upload; please check the logs";
                }
            }
        } 
    Good luck!
    "For if leisure and security were enjoyed by all alike, the great mass of human beings who are normally stupefied by poverty would become literate and would learn to think for themselves; and when once they had done this, they would sooner or later realise that the privileged minority had no function and they would sweep it away"
    - George Orwell, 1984
  8. #5
  9. Confused badger
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Mar 2009
    Location
    West Yorkshire
    Posts
    1,112
    Rep Power
    487
    I've just re-read your code and I think that if you remove the space between $_FILES['previewImage'] and the ['tmp_name'], thiat might fix it.

    (e.g. $_FILES['previewImage'] ['tmp_name'] becomes $_FILES['previewImage']['tmp_name'] and so on)
    "For if leisure and security were enjoyed by all alike, the great mass of human beings who are normally stupefied by poverty would become literate and would learn to think for themselves; and when once they had done this, they would sooner or later realise that the privileged minority had no function and they would sweep it away"
    - George Orwell, 1984
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2012
    Posts
    3
    Rep Power
    0
    Originally Posted by badger_fruit
    I've just re-read your code and I think that if you remove the space between $_FILES['previewImage'] and the ['tmp_name'], thiat might fix it.

    (e.g. $_FILES['previewImage'] ['tmp_name'] becomes $_FILES['previewImage']['tmp_name'] and so on)
    Thanks so much this has fixed the problem. You're a life saver

IMN logo majestic logo threadwatch logo seochat tools logo