Topic awaiting preservation: PHP file uploads issue... (Page 1 of 1)

Ok, I have a simple little upload script I wanted to use. Unfortunately, the files are uploading themselves into my C:\WINDOWS directory. I am wondering if this has something to do with how I configured php.ini, but it seems everything is in place. My temp upload dir is NOT C:\WINDOWS, and even then, the script should be putting it somewhere else anyway. Is there something that I am missing here? I am running Apache, PHP 4.2.2, MySQL on WinXP.

When viewing phpinfo(), under "Apache Environment", the system root is set at C:\WINDOWS ... Do I have to change this, or is this unchangeable?

What I usually do is let the file land wherever the setup takes it, then I use "copy ( string source, string dest)" or "move_uploaded_file ( string filename, string destination)" to wherever I want it to be placed. This has worked just fine and dandy on both win & linux installations.

The only thing that differs is the path to the directory that the file should be saved in, on my win installs (currently the same as you) I start from the folder the script resides in, on linux I start at the system root (usually /users/bleh...)

/Dan

{cell 260}
-{ a vibration is a movement that doesn't know which way to go }-

That's a good idear DmS. Thanks! I take it there is no workaround in configuring PHP or Apache then?

I think you should show us your script. I would definately not want anything having the ability to upload into my windows directory. That is a sure fire way to make sure your system gets hacked to bloody hell and back.

Please show us your script and even your php.ini configuration. Maybe we can figure out what is going wrong, and help you to fix it so you are not running with some really unstable scripts.


Me

Perhaps I should have added that my windows install is strictly development only, no outside access... And Yes! In a production/live enviroment the paths MUST be set correctly.

On my real host this is already taken care of in their setup, that's why I can do it this way.

/Dan

{cell 260}
-{ a vibration is a movement that doesn't know which way to go }-

Silly me...I was not using an absolute path. Everything seems to work now...I think it will take some time to get used to working with a server. Thank you for the help guys.

Here is the code anyways:

<FORM ENCTYPE="multipart/form-data" ACTION="imageupload.php" METHOD="POST">

The file: <INPUT TYPE="file" NAME="userfile">

<INPUT TYPE="submit" VALUE="Upload">

</FORM>



<?php



$path = "C:\path\to\upload\dir\\";

$max_size = 200000;



if (!isset($HTTP_POST_FILES['userfile'])) exit;



if (is_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'])) {



if ($HTTP_POST_FILES['userfile']['size']>$max_size) { echo "The file is too big<br>\n"; exit; }

if (($HTTP_POST_FILES['userfile']['type']=="image/gif") &#0124; &#0124; ($HTTP_POST_FILES['userfile']['type']=="image/pjpeg") &#0124; &#0124; ($HTTP_POST_FILES['userfile']['type']=="image/jpeg")) {



if (file_exists($path . $HTTP_POST_FILES['userfile']['name'])) { echo "The file already exists<br>\n"; exit; }



$res = copy($HTTP_POST_FILES['userfile']['tmp_name'], $path .

$HTTP_POST_FILES['userfile']['name']);

if (!$res) { echo "upload failed!<br>\n"; exit; } else { echo "upload sucessful<br>\n"; }



echo "File Name: ".$HTTP_POST_FILES['userfile']['name']."<br>\n";

echo "File Size: ".$HTTP_POST_FILES['userfile']['size']." bytes<br>\n";

echo "File Type: ".$HTTP_POST_FILES['userfile']['type']."<br>\n";

} else { echo "Wrong file type<br>\n"; exit; }



}



?>