Hello, i have a problem with a upload script. the folder "gecko" is chmoded 777 aswell as the 2 files, still each time i try to upload someting i get "There was an error uploading the file, please try again!" why would this be ?? up.php <form enctype="multipart/form-data" action="upload.php" method="POST"> <input type="hidden" name="MAX_FILE_SIZE" value="100000" /> Choose a file to upload: <input name="uploadedfile" type="file" /><br /> <input type="submit" value="Upload File" /> </form> PHP: upload.php <? $target_path = "/var/www/gecko/"; $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded"; } else{ echo "There was an error uploading the file, please try again!"; } ?> PHP:
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']); PHP: It's a horrible idea to just use the name that the file was uploaded with. What if someone uses a name that has terminal control characters, stuff like ../, or other bugaboos? Clean all user-supplied data before doing ANYTHING with it. As for your problem, I'd start by: 1) Outputting the full contents of $_FILES to make sure it's really got something in it, and 2) Checking is_writable('/var/www/gecko/') to make sure there's not something preventing that directory from working for you.
Here you go, I've improved your code and secured it alittle: up.php: <form enctype="multipart/form-data" action="<?php print($_SERVER['PHP_SELF']); ?>" method="POST"> <input type="hidden" name="MAX_FILE_SIZE" value="100000" /> Choose a file to upload: <input name="uploadedfile" type="file" /><br /> <input type="submit" name="submit" value="Upload File" /> </form> PHP: upload.php: <?php error_reporting(E_ALL); if(isset($_REQUEST['submit'])){ $target_path = "/var/www/gecko/"; //array containing allowed extensions $allowedExtensions = array('jpg','png','gif'); $filename = basename($_FILES['uploadedfile']['name']); //file extension (security) $file_ext = strtolower(end(explode('.',$filename))); //format and clean file name (security) $filename = strtolower(preg_replace("|[^[:alnum:]\.]|", "", $filename)); if(is_dir($target_path)){ if(is_writable($target_path)){ if(in_array($file_ext,$allowedExtensions)){ $target_path = $target_path.$filename; if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { echo "The file ". $filename." has been uploaded"; } else{ echo "There was an error uploading the file, please try again!"; } } else { echo "Invalid file extension!"; } } else { echo "The upload directory is not chmodded!"; } } else { echo "The upload directory does not exist!"; } } ?> PHP:
you can use this http://www.jooria.com/scripts/Files-and-Folders-154/Advanced-Upload-Class-944/index.html