0

The following form is on my page html page

<form action="upload_file.php" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file" /> 
<br />
<input type="submit" name="submit" value="Submit" />
</form>

This is the script for the php 

<?php

    if ((($_FILES["file"]["type"] == "image/gif")
    || ($_FILES["file"]["type"] == "image/jpeg")
    || ($_FILES["file"]["type"] == "image/png")
    || ($_FILES["file"]["type"] == "image/jpg")
    || ($_FILES["file"]["type"] == "image/pjpeg"))
    && ($_FILES["file"]["size"] < 200000000000))
      {
      if ($_FILES["file"]["error"] > 0)
        {
        echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
        }
      else
        {
        echo "Upload: " . $_FILES["file"]["name"] . "<br />";
        echo "Type: " . $_FILES["file"]["type"] . "<br />";
        echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
        echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

        if (file_exists("pics/2012/Blackhall Primary/" . $_FILES["file"]["name"]))
          {
          echo $_FILES["file"]["name"] . " already exists. ";
          }
        else
          {
          move_uploaded_file($_FILES["file"]["tmp_name"],
          "pics/2012/Blackhall Primary/" . $_FILES["file"]["name"]);
          echo "Stored in: " . "pics/2012/Blackhall Primary/" . $_FILES["file"]["name"];
          }
        }
      }
    else
      {
      echo "Invalid file";
      }
    ?>

When I press select on the form, nothing. It was working fine. The page with the form is called upload pictuture.html and the scriptt is called upload_file.php they are both on the root and the folder pics/2012/blackhall primary does exist and the pics dir is on the root also.

This was working but is not, can anyone see any errors I've made.

Thanks Ross

Improve this question
1
  • Does it echo file info? Did you try to remove space in folder name? Did you check error_log ? Commented Jul 5, 2012 at 14:53

1 Answer 1

Reset to default
1

Change your privileges and by whom script is executed (usually www-data or apache2) - this account must has write and probably read access to directory, where pictures are uploaded.

Anyway, checking file type based on $_FILES["file"]["type"] isn't safe. This can be easily falsified by hacker.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.