Question
I'm trying to write some PHP to upload a file to a folder on my webserver. Here's what I have:
<?php
if ( !empty($_FILES['file']['tmp_name']) ) {
move_uploaded_file($_FILES['file']['tmp_name'], './' . $_FILES['file']['name']);
header('Location: http://www.mywebsite.com/dump/');
exit;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head>
<title>Dump Upload</title>
</head>
<body>
<h1>Upload a File</h1>
<form action="upload.php" enctype="multipart/form-data" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="1000000000" />
Select the File:<br /><input type="file" name="file" /><br />
<input type="submit" value="Upload" />
</form>
</body>
</html>
I'm getting these errors:
Warning: move_uploaded_file(./test.txt) [function.move-uploaded-file]: failed to open stream: Permission denied in E:\inetpub\vhosts\mywebsite.com\httpdocs\dump\upload.php on line 3
Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move 'C:\WINDOWS\Temp\phpA30E.tmp' to './test.txt' in E:\inetpub\vhosts\mywebsite.com\httpdocs\dump\upload.php on line 3
Warning: Cannot modify header information - headers already sent by (output started at E:\inetpub\vhosts\mywebsite.com\httpdocs\dump\upload.php:3) in E:\inetpub\vhosts\mywebsite.com\httpdocs\dump\upload.php on line 4
PHP version 4.4.7 Running IIS on a Windows box. This particular file/folder has 777 permissions.
Any ideas?
Solution
As it's Windows, there is no real 777. If you're using chmod, check the Windows-related comments.
Check that the IIS Account can access (read, write, modify) these two folders:
E:\inetpub\vhosts\mywebsite.com\httpdocs\dump\
C:\WINDOWS\Temp\
OTHER TIPS
OMG
move_uploaded_file($_FILES['file']['tmp_name'], './' . $_FILES['file']['name']);
Don't do that. $_FILES['file']['name']
could be ../../../../boot.ini
or any number of bad things. You should never trust this name. You should rename the file something else and associate the original name with your random name. At a minimum use basename($_FILES['file']['name'])
.
Try adding a path. The following code works for me:
<?php
if ( !empty($_FILES['file']) ) {
$from = $_FILES['file']['tmp_name'];
$to = dirname(__FILE__).'/'.$_FILES['file']['name'];
if( move_uploaded_file($from, $to) ){
echo 'Success';
} else {
echo 'Failure';
}
header('Location: http://www.mywebsite.com/dump/');
exit;
}
?>
Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move 'C:\WINDOWS\Temp\phpA30E.tmp' to './people.xml' in E:\inetpub\vhosts\mywebsite.com\httpdocs\dump\upload.php on line 3
is the important line it says you can't put the file where you want it and this normally means a permissions problem
check the process running the app (normally the webservers process for php) has the rights to write a file there.
EDIT:
hang on a bit I jumped the gun a little is the path to the file in the first line correct?
Another think to observe is your directory separator, you are using / in a Windows box..
Add the IIS user in the 'dump' folders security persmissions group, and give it read/write access.
Create a folder named "image" with folder permission 777
<?php
move_uploaded_file($_FILES['file']['tmp_name'],"image/".$_FILES['file']['name']);
?>