[PHP] Image Uploads beeing corupted
Hey guys,
I got my uploads to work thanks to some peoples help here in this
newsgroup but now im having a problem with the files beeing corrupted
upon upload. not sure why any help would be greatly apreciated.
I have included my code again if it helps any.
function UploadImage(){
global $HTTP_POST_FILES;
global $ImageFile;
reset($HTTP_POST_FILES);
$pic_file = $HTTP_POST_FILES['ImageFile'];
copy ($pic_file['tmp_name'], ../images/$ImageFile_name);
}
FORM ACTION=?php $SCRIPT_NAME ? Method=Post
ENCTYPE=multipart/form-data
INPUT TYPE=hidden name=MAX_FILE_SIZE value=100
Input Type=File Name=ImageFile
Input Type=Submit Name=Submit
/FORM
I've found that just doing this seems to do the same
function UploadImage(){
global $ImageFile;
copy ($ImageFile, ../images/$ImageFile_name);
}
Thanks
Ryan Stephens
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Image Uploads beeing corupted
the funny thing is this
the information is beeing inserted into the database... the file is beeing
uploaded (as i can see it in the directory). I can get results from
$ImageFile
$ImageFile_name
$ImageFile_size
but i cant get a result for $ImageFile_type this comes up blank
there is obviously some connection, but just not sure what.
Ryan
Andrey Hristov [EMAIL PROTECTED] wrote in message
0b0c01c177e5$f0e15580$0b01a8c0@ANDreY">news:0b0c01c177e5$f0e15580$0b01a8c0@ANDreY...
The problem is in that you do global only for $ImageFile, but not for
$ImageFile_name.
Big flaw is that if someone make a form
FORM ACTION=?php $SCRIPT_NAME ? Method=Post
ENCTYPE=multipart/form-data
INPUT TYPE=hidden name=MAX_FILE_SIZE value=100
Input Type=text Name=ImageFile__name value=../../../../etc/passwd
Input Type=Submit Name=Submit
/FORM
may be can make a big shot. Depends on under which user Apache is running.
The best technique is to use $HTTP_POST_FILES. Since PHP4.1.0 there will
be new name
for it = $_FILES .This array will be global, so there is no need to write
global $_FILES . The same is done for $_GET, $_POST, $_COOKIE. $_REQUEST
is
merged array of $_GET,$_POST,$_COOKIE in the order of gpc(from php.ini).
Regards,
Andrey Hristov
IcyGEN Corporation
http://www.icygen.com
BALANCED SOLUTIONS
- Original Message -
From: Ryan Stephens [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 28, 2001 10:12 AM
Subject: [PHP] Image Uploads beeing corupted
Hey guys,
I got my uploads to work thanks to some peoples help here in this
newsgroup but now im having a problem with the files beeing
corrupted
upon upload. not sure why any help would be greatly apreciated.
I have included my code again if it helps any.
function UploadImage(){
global $HTTP_POST_FILES;
global $ImageFile;
reset($HTTP_POST_FILES);
$pic_file = $HTTP_POST_FILES['ImageFile'];
copy ($pic_file['tmp_name'], ../images/$ImageFile_name);
}
FORM ACTION=?php $SCRIPT_NAME ? Method=Post
ENCTYPE=multipart/form-data
INPUT TYPE=hidden name=MAX_FILE_SIZE value=100
Input Type=File Name=ImageFile
Input Type=Submit Name=Submit
/FORM
I've found that just doing this seems to do the same
function UploadImage(){
global $ImageFile;
copy ($ImageFile, ../images/$ImageFile_name);
}
Thanks
Ryan Stephens
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Problem Solved
I figured i would post my solution to the problem that i found somewhere. It
had nothing to do with anything i was doing. Its a bug in some versions of
PHP.
here is the function i had to use to fix this
function fix_php_upload_bug($tmp){
$infile=fopen($tmp,r); // Open the file for the copy
$outfile=fopen($tmp.new,w); // create a new temp file
$header=fgets($infile,255); //get the 1st line (netscape sometimes doesn't
add a Content-type line)
//if its more than just a \r\n sequence then
if (strlen($header)2) $header=fgets($infile,255); //get next line also
while(!feof($infile)) { // Loop through the remaining file
$temp=fread($infile,128);
fwrite($outfile,$temp,strlen($temp)); //copying contents to new temp file
}
fclose($outfile);
fclose($infile);
copy($tmp.new,$tmp); //replace the original with our new bug fixed file
unlink($tmp.new); //and delete the new file
return $tmp;
}
Ryan
Andrey Hristov [EMAIL PROTECTED] wrote in message
0b4501c177eb$8b02c900$0b01a8c0@ANDreY">news:0b4501c177eb$8b02c900$0b01a8c0@ANDreY...
As I showed by this :
FORM ACTION=http://your.domain.com/your.script.php; Method=Post
ENCTYPE=multipart/form-data
Input Type=text Name=ImageFile_name value=../../../../etc/passwd
Input Type=Submit Name=Submit
/FORM
I can write this in a simple html, press the submit button and instead of
file you will receive $ImageFile_name as a text variable.
I can write in it everything but you rely on that PHP made it. No PHP
didn't. Also in such form $ImageFile_tmpname can be supplied
and if someone does this :
?php
echo (implode('',file($ImageFile_tmpname)));
?
The /etc/passwd file can be shown easily.
My suggestion : rely on $HTTP_POST_FILES . Yes it is long to type but it's
secured. Also as I said. Since the new PHP 4.1.0 there
will
be $_FILES array, equivalent of $HTTP_POST_FILES(which will exists also).
The GD extension is used for dynamic construction of jpg,png,gif(up to
some 1.x version). The constructed image can be saved to file
or sent to the
browser. GetImageSize() is one of the many functions provided by GD.
http://www.php.net/manual/en/ref.image.php
Best regards,
Andrey Hristov
- Original Message -
From: Ryan Stephens (Hotmail) [EMAIL PROTECTED]
To: Andrey Hristov [EMAIL PROTECTED]
Sent: Wednesday, November 28, 2001 10:51 AM
Subject: Re: [PHP] Image Uploads beeing corupted
this means nothing to me... sorry, i've only been working with PHP for a
couple weeks. and a few month of web learning. the site im
working
on is hosted by some other guy, so i dont have access to it if i had to
change anything there.
Why is $ImageFile a possible security hole?
What is GD extension?
I dont need to find the type... i just used that as a test to see if
that
might have anything to do with my corrupted file problem. And i found
that
all the information beeing entered into the database re: its name and
size
is fine... but it wont return a type... Im thinking if it cant return a
type
(but still uploads the file) there must be a connection to it beeing
corrupt.
Ryan
- Original Message -
From: Andrey Hristov [EMAIL PROTECTED]
To: Ryan Stephens [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Wednesday, November 28, 2001 12:46 AM
Subject: Re: [PHP] Image Uploads beeing corupted
If you have GD extension build in your PHP use it to find the type(if
you
are limited ot jpeg/gif/png files).
I want to say again that the using of $ImageFile* is a possible
security
hole.
Regards,
Andrey Hristov
- Original Message -
From: Ryan Stephens [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 28, 2001 10:39 AM
Subject: Re: [PHP] Image Uploads beeing corupted
the funny thing is this
the information is beeing inserted into the database... the file is
beeing
uploaded (as i can see it in the directory). I can get results from
$ImageFile
$ImageFile_name
$ImageFile_size
but i cant get a result for $ImageFile_type this comes up
blank
there is obviously some connection, but just not sure what.
Ryan
Andrey Hristov [EMAIL PROTECTED] wrote in message
0b0c01c177e5$f0e15580$0b01a8c0@ANDreY">news:0b0c01c177e5$f0e15580$0b01a8c0@ANDreY...
The problem is in that you do global only for $ImageFile, but not
for
$ImageFile_name.
Big flaw is that if someone make a form
FORM ACTION=?php $SCRIPT_NAME ? Method=Post
ENCTYPE=multipart/form-data
INPUT TYPE=hidden name=MAX_FILE_SIZE value=100
Input Type=text Name=ImageFile__name
value=../../../../etc/passwd
Input Type=Submit Name=Submit
/FORM
may be can make a big shot. Depends on under which user Apache is
running.
The best technique is to use $HTTP_POST_FILES. Since PHP4.1.0
there
will
be new name
for it = $_FILES .This array will be global, so
Re: [PHP] Newbie Image uplaod question
ok... ive tried this but no go:
-
function UploadImage(){
global $HTTP_POST_FILES;
global $image;
reset($HTTP_POST_FILES);
$pic_file = $HTTP_POST_FILES['image'];
copy ($pic_file['tmp_name'], ../images);
}
FORM ACTION=?php $SCRIPT_NAME ? Method=Post
ENCTYPE=multipart/form-data
Input Type=File Name=$image
Input Type=Submit Name=Submit
/FORM
-
all i get returned is an empty filename () and an error. please help!
Ryan
Hank Marquardt [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
http://www.php.net/manual/en/features.file-upload.php
On Tue, Nov 27, 2001 at 08:14:48PM -0800, Ryan Stephens wrote:
Hey guys...
Im new to PHP and am trying to upload images to the server and store
the
file name into mySQL database.. but i dont have a clue how to do
this...
all i know is i need to use Input Type=File other than that im lost.
Any help would be great.
Thanks
Ryan Stephens
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
Hank Marquardt [EMAIL PROTECTED]
http://web.yerpso.net
GPG Id: 2BB5E60C
Fingerprint: D807 61BC FD18 370A AC1D 3EDF 2BF9 8A2D 2BB5 E60C
*** Web Development: PHP, MySQL/PgSQL - Network Admin: Debian/FreeBSD
*** PHP Instructor - Intnl. Webmasters Assn./HTML Writers Guild
*** Beginning PHP -- Starts January 7, 2002
*** See http://www.hwg.org/services/classes
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Newbie Image uplaod question
Sorry... i changed
Input Type=File Name=$image
to
Input Type=File Name=image
but still no luck. it returns Array as the file name and doesnt upload
the file.
Whats up??
Ryan
Ryan Stephens [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
ok... ive tried this but no go:
-
function UploadImage(){
global $HTTP_POST_FILES;
global $image;
reset($HTTP_POST_FILES);
$pic_file = $HTTP_POST_FILES['image'];
copy ($pic_file['tmp_name'], ../images);
}
FORM ACTION=?php $SCRIPT_NAME ? Method=Post
ENCTYPE=multipart/form-data
Input Type=File Name=$image
Input Type=Submit Name=Submit
/FORM
-
all i get returned is an empty filename () and an error. please
help!
Ryan
Hank Marquardt [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
http://www.php.net/manual/en/features.file-upload.php
On Tue, Nov 27, 2001 at 08:14:48PM -0800, Ryan Stephens wrote:
Hey guys...
Im new to PHP and am trying to upload images to the server and
store
the
file name into mySQL database.. but i dont have a clue how to do
this...
all i know is i need to use Input Type=File other than that im
lost.
Any help would be great.
Thanks
Ryan Stephens
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail:
[EMAIL PROTECTED]
--
Hank Marquardt [EMAIL PROTECTED]
http://web.yerpso.net
GPG Id: 2BB5E60C
Fingerprint: D807 61BC FD18 370A AC1D 3EDF 2BF9 8A2D 2BB5 E60C
*** Web Development: PHP, MySQL/PgSQL - Network Admin: Debian/FreeBSD
*** PHP Instructor - Intnl. Webmasters Assn./HTML Writers Guild
*** Beginning PHP -- Starts January 7, 2002
*** See http://www.hwg.org/services/classes
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
