<...">
All geek questions in one place

How can I debug problems with move_uploaded_file?

I have a form like

<form action="send.php" method="post" enctype="multipart/form-data"> <div> <label for="subject">Subject</label> <input type="text" name="subject" /> </div> <div> <label for="image">Image</label> <input type="file" name="image" /> </div> <input type="submit" value="Send" /> </form>

Php like

 echo '<pre>'; print_r($_FILES); echo '</pre>'; if (move_uploaded_file($_FILES['image']['tmp_name'], 'images/' . $_FILES['image']['name'])) { echo 'ok'; } else { echo 'error!'; };

I keep getting error print_r looks like

 Array ( [image] => Array ( [name] => Untitled-1.jpg [type] => image/jpeg [tmp_name] => /tmp/phpprWdjN [error] => 0 [size] => 61768 ) )
+4
source share
4 answers

Activate the error report , then you should see an error caused by move_uploaded_file , telling you what is wrong.

+4
source

Your $ _FILES file looks like error = 0 means the download completed successfully. This is most likely a permission error. You can try to do something like:

 if (!is_writeable('images/' . $_FILES['image']['name'])) { die("Cannot write to destination file"); }

However, keep in mind that you are using a user-provided file name, so if someone uploads "pwn_my_server.php", your script will write it to the image directory and then it can just visit yoursite.com/images/pwn_my_server.php and take control of your site.

In general, NEVER trust anything in the $ _FILES array or use it directly, as its contents are under remote user control. The only thing created by the server is the error code and tmp_name. The rest is potentially malicious.

+4
source

there may be a problem in the "image /" folder, you can set the absolute path here and make sure the path is writable, then try.

0
source

Use the following code: 1. create a directory named 'uploads' 2. Save the file with the extension .php

now run the code.

 <?php if (!empty($_FILES)) { // PATH TO THE DIRECTORY WHERE FILES UPLOADS $file_src = 'uploads/'.$_FILES['image']['name']; // FUNCTION TO UPLOAD THE FILE if(move_uploaded_file($_FILES['image']['tmp_name'], $file_src)): // SHOW THE SUCCESS MESSAGE AFTER THE MOVE - NO VISIBLE CHANGE echo 'Your file have been uploaded sucessfuly'; else: // SHOW ERROR MESSAGE echo 'Error'; endif; } ?> <form action="" method="post" enctype="multipart/form-data"> <div> <label for="subject">Subject</label> <input type="text" name="subject" /> </div> <div> <label for="image">Image</label> <input type="file" name="image" /> </div> <input type="submit" value="Send" name='submit' /> </form>

:)

0
source

Source: https://habr.com/ru/post/1342739/

More articles:


All Articles