Question

//uploadForm.html

<html>
    <body>
        <form action="upload_file.php" method="post" enctype="multipart/form-data">
            <label for="browseFile">Filename : </label>
            <input type="file" name="file" id="browseFile"><br> 
            <input type="submit" name="submit" value="Submit">
        </form>
    </body>
</html>

//upload_file.php

<?php
    $allowedExt = array("png","jpg");
    $temp = explode(".",$_FILES["file"]["name"]);
    $extension = end($temp);
    echo "uploading...";
    if((($_FILES["file"]["type"]=="image/png") || ($_FILES["file"]["type"]=="image/jpg")) && ($_FILES["file"]["size"] < 1000000))
    {
        echo "success";
        if($_FILES["file"]["error"] > 0)
        {
            echo "error in uploading" . $_FILES["file"]["error"]."<br>";
        }
        else
        {
            echo "<p>uploaded successfully</p>";
        }
    }
    else
        echo "invalid file" ;

    echo $_FILES["file"]["name"]."stored in ".$_FILES["file"]["tmp_name"]."<br>";
    move_uploaded_file($_FILES["file"]["tmp_name"],"uploads/".$_FILES["file"]["name"]);
    echo "moved Successfully";

?>

When I try to echo the temp directory name, it is blank. The uploaded files are missing. I don't get it in the MAMP/htdocs folder or in the /tmp/ directory.

I don't have an uploads directory in /MAMP/htdocs/. Won't the program create a directory if it does not exist?

Solution

In your final instructions, you have $_FILES['name']['tmp_name'] instead of $_FILES['file']['tmp_name'].

By the way, you have a few errors in your script:

  1. Even if someone uploads an invalid file, you show them an error message, but you still move it to the final place.
  2. $_FILES["file"]["type"] is a value sent by the browser (i.e. the client). A malicious attacker may send you any kind of file and disguise it as an image/png, and you are trusting it. You cannot trust this value. Instead, you could use getimagesize, which returns an array that has the MIME type of the image (and is detected by the server, i.e. by you). To detect the MIME type of non-images, you can use FileInfo, concretely finfo_file.

Also, the php script will not create your uploads folder if it does not exist, and instead will show an error (and do nothing). You must create this folder first, and make sure that the user running your php script (usually the same that is running your http server) has write permissions on that directory.

edit: You don't see any uploaded file in your temp directory because (quoting http://www.php.net/manual/en/features.file-upload.post-method.php):

The file will be deleted from the temporary directory at the end of the request if it has not been moved away or renamed.
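
The checks described in this answer, put together as an added example that is not part of the original answer: the file is rejected before move_uploaded_file() runs, its type is detected on the server with finfo and getimagesize, and the uploads directory must already exist and be writable. UPLOAD_DIR, MAX_BYTES, ALLOWED_TYPES, handleUpload() and the random file naming are assumptions made for the example.

```php
<?php
// Added example, not the original poster's code. Assumed names: UPLOAD_DIR,
// MAX_BYTES, ALLOWED_TYPES, handleUpload() and the random file naming.
const UPLOAD_DIR = __DIR__ . '/uploads';   // must already exist and be writable
const MAX_BYTES = 1000000;                 // same size limit as the question
// finfo reports JPEG as image/jpeg; "image/jpg" is not a type it returns.
const ALLOWED_TYPES = ['image/png' => 'png', 'image/jpeg' => 'jpg'];

function handleUpload(array $file): string
{
    // 1. Stop on any upload error (no file sent, php.ini limit, partial upload).
    $err = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($err !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed (error ' . json_encode($err) . ')');
    }
    $tmp = $file['tmp_name'];
    // 2. The temp file must come from this POST and be under the size limit.
    if (!is_uploaded_file($tmp) || $file['size'] >= MAX_BYTES) {
        throw new RuntimeException('missing or oversized file');
    }
    // 3. Detect the type from the file content; $file['type'] is client-supplied.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    $ext = ALLOWED_TYPES[$mime] ?? null;
    if ($ext === null || getimagesize($tmp) === false) {
        throw new RuntimeException('invalid file');
    }
    // 4. PHP does not create the destination directory.
    if (!is_dir(UPLOAD_DIR) || !is_writable(UPLOAD_DIR)) {
        throw new RuntimeException('uploads directory missing or not writable');
    }
    // 5. Server-chosen name and extension; the client's file name is not used.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($tmp, $dest)) {
        throw new RuntimeException('could not move the uploaded file');
    }
    return $dest;
}

try {
    $stored = handleUpload($_FILES['file'] ?? []);
    echo 'stored as ' . htmlspecialchars(basename($stored));
} catch (RuntimeException $e) {
    http_response_code(400);
    echo htmlspecialchars($e->getMessage());
}
```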

OTHER TIPS

$allowedExt = array("png","jpg");
$temp = explode(".",$_FILES["file"]["name"]);
$extension = end($temp);
echo "uploading...";

if ($_FILES["file"]["error"] > 0)
  {
  echo "Error: " . $_FILES["file"]["error"] . "<br>";
  }
else
  {

    move_uploaded_file($_FILES["file"]["tmp_name"],
    "upload/" . $_FILES["file"]["name"]);
    echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
  }

$_FILES["name"]["tmp_name"] does not exist, it should be $_FILES["file"]["tmp_name"]

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow