Re: [PHP] File upload !!!!

Sun, 13 May 2001 23:31:43 -0700 

Hi,
thanks for the responses! Here is the code snippet:

The form:

<FORM ENCTYPE="multipart/form-data" ACTION="upload.php" METHOD="POST">
<INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="1000">
Send this file: <INPUT NAME="userfile" TYPE="file">
<INPUT TYPE="submit" VALUE="Send File">

The PHP part:

if (is_uploaded_file($userfile)) {
    copy($userfile, "./");
} else {
    echo "Possible file upload attack: filename '$userfile'.";
}

It always runs into the file attack line.
When I read out the $HTTP_POST_FILES I get
userfile=array
userfile_size=0
userfile_type=img/gif
 It would be great if you can write back again.
Thanks, Matthias










""Kevin Williams"" <[EMAIL PROTECTED]> wrote in message
003001c0dbdc$e8e6c5e0$[EMAIL PROTECTED]">news:003001c0dbdc$e8e6c5e0$[EMAIL PROTECTED]...
Hi,
A snippet of code could help, but I recently experienced two problems with
uploading and gaining the information.

Are you using the correct ENCTYPE for the upload, along with using POST (GET
doesn't work).
Also, if you are trying to us the information from inside a function, I had
to either globally define all of the attributes, or you could pass them to
the function.

Hope this helps

Kevin Williams

"Matthias Roggendorf" <[EMAIL PROTECTED]> wrote in message
9dmisb$bhq$[EMAIL PROTECTED]">news:9dmisb$bhq$[EMAIL PROTECTED]...
> Hi,
> sorry for asking such easy things but I really have a hard time to get
this
> to work:
>
> I use exactly the scripts which are given on the PHP website to upload
> files. The problem is that the variable $userfile just contains "none" and
> $userfile_size is "0". The rest of the variables have the right values.
> When I use a larger file it takes more time so I assume that the file is
> uploaded, but I cannot save it because I don't know the temporary
filename.
>
> Can anybody help me? I really need this to work.
>
> Thanks, Matthias
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to