Skip to main content
F
future-architect
Known Participant
July 4, 2012
Question

uploading file

  • July 4, 2012
  • 1 reply
  • 1124 views

I am creating an upload form.  One of the fields is a file.  It does not seem to be working though.  The file is not being uploaded.  here is my code:

form:

<input type="file" name="upload" id="upload" size="48" value="<?php if($flag) { echo $_FILES['file']['name']; } ?>" />

php:

move_uploaded_file($_FILES["upload"]["tmp_name"], "http:/mysite.com/uploads/");

anything that I'm missing?

This topic has been closed for replies.

1 reply

David_Powers
David_Powers
Inspiring
July 4, 2012

You're missing giving the file a name.

move_uploaded_file($_FILES["upload"]["tmp_name"], "http:/mysite.com/uploads/" . $_FILES['upload']['name']);

Also, I'm puzzled by this:

value="<?php if($flag) { echo $_FILES['file']['name']; } ?>"

Why are you trying to insert a value? And shouldn't it be $_FILES['upload']['name'] instead of $_FILES['file']['name']?

F
future-architectAuthor
Known Participant
July 5, 2012

ok - thanks.  still not working,  but my host says that .txt files are disabled for security reasons.  still don't understand.  i can understand .exe's....

have to find out what "disabled" means still....

David_Powers
David_Powers
Inspiring
July 5, 2012

What the host means is that you can't upload text files. I suspect the reason for that is to prevent scripting attacks.

If you allow people to upload files for immediate display, a text file could contain malicious JavaScript that would be executed as soon as the page is displayed.

Try this:

<?php include('script.txt'); ?>

The content of script.txt should look like this:

<script>

alert('Boo!');

</script>

When you load the PHP page into a browser, it executes the script, and displays an alert box with "Boo!".

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices