8

I'm having a nightmare using PHP to upload files to my server, however when using this simple HTML form, it appears to work:

<html><body>
<form enctype="multipart/form-data" action="uploads.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
Choose a file to upload: <input name="uploadedfile" type="file" /><br />
<input type="submit" value="Upload File" />
</form>

The PHP is then:

<?php
$target_path = "uploads/";
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']); 
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
echo "The file ".  basename( $_FILES['uploadedfile']['name']). 
" has been uploaded";
} else{
echo "There was an error uploading the file, please try again!";
}
?>

Is there any possible way to send a file via this technique using curl from the command line or a shell script? i.e something along the lines of:

curl -f "@/path/to/my/file;type=text/html" http://mywebserver.com/uploads.php

That particular line gives me: "curl: (22) Failed to connect to ::1: Permission denied" although there is no password on the site etc. I assume this is possible, but I'm getting the syntax wrong?

Improve this question
2
  • You should also set the method to post via -X 'POST' Commented Apr 30, 2013 at 19:49
  • Be very carefully with this script as it uploads any kind of files and is a security hole (scripts can be uploaded directly to your server and then executed using the browser)... so extra coding for protection is required! Commented Mar 20, 2014 at 7:56

1 Answer 1

Reset to default
12

I think you want the argument to be a capital F (for Form). Lowercase f is for fail, and returns error code 22. Seriously, it's in the manual!

-f, --fail

(HTTP) Fail silently (no output at all) on server errors. This is mostly done to better enable scripts etc to better deal with failed attempts. In normal cases when an HTTP server fails to deliver a document, it returns an HTML document stating so (which often also describes why and more). This flag will prevent curl from outputting that and return error 22.

This method is not fail-safe and there are occasions where non-successful response codes will slip through, especially when authentication is involved (response codes 401 and 407).

-F, --form

(HTTP) This lets curl emulate a filled-in form in which a user has pressed the submit button. This causes curl to POST data using the Content-Type multipart/form-data according to RFC 2388. This enables uploading of binary files etc. To force the 'content' part to be a file, prefix the file name with an @ sign. To just get the content part from a file, prefix the file name with the symbol <. The difference between @ and < is then that @ makes a file get attached in the post as a file upload, while the < makes a text field and just get the contents for that text field from a file.

Also, you've not named your file variable. I think you want:

curl -F "uploadedfile=@/path/to/my/file" http://mywebserver.com/uploads.php
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Thanks, though it still doesn't work. (this time the PHP returns with: "there was an error uploading the file". I think I'm destined to be a -f failure today.
I've added a bit about naming your file variable too
You Sir, are a genius!! Thanks so much, very much appreciated. Working like a dream.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.