This in in the php manual
(http://www.php.net/manual/en/features.file-upload.php) but anyway...
The value contained in $_FILES['ufile1']['name'] is not the name of the
temporary file on the server. Try $_FILES['ufile1']['tmp_name'] instead
Hence the lines
if (is_uploaded_file($_FILES['ufile1']['name'])) {
copy($_FILES['ufile1']['name'], ".");
become
if (is_uploaded_file($_FILES['ufile1']['tmp_name'])) {
copy($_FILES['ufile1']['tmp_name'], $_FILES['ufile1']['name']);
That is copy the temporary file to the name that the user specified when
uploading.
BTW: Make sure you move or copy the temporary file before the php script
ends as the temporary file will not exist afterwards.
George Patterson
On Thu, 16 Oct 2003 05:20:38 +0100
Bunmi Akinmboni <[EMAIL PROTECTED]> wrote:
> Pls Help.
> I have done a lot of reading prior to this yet I just can't seem make
> it work. I wrote an upload program as seen below but the response I
> got was:
>
> Possible file upload attack. Filename: ayservenet.jpg Array ( [ufile1]
>
> => Array ( [name] => ayservenet.jpg [type] => image/pjpeg [tmp_name]
> => /tmp/phpIMEhdh [error] => 0 [size] => 3030 ) )
>
>
> File FUPROCESS.PHP:
> <?php
> // In PHP earlier then 4.1.0, $HTTP_POST_FILES should be used instead
>
> of $_FILES.
> // $realname = $_FILES['ufile1']['name'];
>
> if (is_uploaded_file($_FILES['ufile1']['name'])) {
> copy($_FILES['ufile1']['name'], ".");
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
