the "5000" represent byter try making it 5000000 i.e 5 megabytes i think
the file you are trying to upload might be bigger than 5k and 5M is safe
you can keep the fileseize fixed to a large value to be safe. and instead
all the fancy code just try the move_uploaded_file() command to see if it
works
Good luck!
On Sat, 21 Jul 2001, Justin French wrote:
> Hi all,
>
> I know this topic get's covered all the time, but i've copied this code
> direct from the online manual, and it still fails to work!!
>
> My environment is PHP4.0.1, under FreeBSD.
>
> To my knowledge, NONE of the php.ini file has been changed at all, and
> the rest of PHP has been working finr for 6 months, although this is the
> first time i've attempted file uploads.
>
>
> This code is in the php manual:
>
> The HTML form:
> ---
> <FORM ENCTYPE="multipart/form-data" ACTION="upload.php" METHOD="POST">
> <INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="5000">
> Send this file: <INPUT NAME="userfile" TYPE="file"><BR>
> <INPUT TYPE="submit" VALUE="Send File">
> </FORM>
> ---
>
>
> The PHP code (as I understand from the man page, PHP4 << 4.0.2 requires
> different code. Since i'm on 4.0.1, I've used this block of code, which
> I believe is the correct code for my environment), copied accross line
> for line.
>
> ---
> /* Userland test for uploaded file. */
> function is_uploaded_file($filename) {
> if (!$tmp_file = get_cfg_var('upload_tmp_dir')) {
> $tmp_file = dirname(tempnam('', ''));
> }
> $tmp_file .= '/' . basename($filename);
> /* User might have trailing slash in php.ini... */
> return (ereg_replace('/+', '/', $tmp_file) == $filename);
> }
>
> if (is_uploaded_file($userfile)) {
> copy($userfile, "/usr/local/share/doc/apache/tests/images");
> //changed this line for new file location
> echo "file uploaded successfully"; //
> added this line
> } else {
> echo "Possible file upload attack: filename '$userfile'.";
> }
> }
>
>
>
>
> The Errors:
> With the above code, I get this error when I submit:
> ---
> Warning: Max file size exceeded - file [userfile] not saved in Unknown
> on line 0
> Possible file upload attack: filename 'none'.
> ---
>
> So I commented out <INPUT TYPE="hidden" name="MAX_FILE_SIZE"
> value="5000"> in the HTML for the moment. What does 5000 represent?
> Bytes? KiloBytes?
>
>
> With this line commented out, I get:
> ---
> Possible file upload attack: filename '/var/tmp/phpzlv472'.
> ---
>
> The image i'm attempting to upload is a 44k GIF file from via Netscape
> 4.6 on a Mac, but I can't see that this is the problem, since I've never
> been refused an upload at any website.
>
>
>
> What I've tried:
> I've read all the documentation I could find online
> I've tried different permission settings for the target directory
> I've looked for a simple upload script at all the usual PHP sites, but
> couldn't find anything that wasn't mega complex.
>
>
> Questions:
> I find it hard to believe it's the code that is the problem, since it's
> copied striaght from the website, so maybe it's a problem on my server,
> or something else i'm missing. Any ideas? What else SHOULD I add to
> this code (once it's functional) to handle errors properly, etc etc.
>
>
> Many thanks in advance
> Justin French
>
>
--
Saquib Farooq
@
Systems @ SDNPK
Islamabad
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
