file upload - not so simple...

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I can't find an answer to a seemingly simple question. I have three files:

    <form enctype="multipart/form-data" action="process.php" method="POST">
    <input type="hidden" name="MAX_FILE_SIZE" value="1024000" />
    Send this file: <input name="userfile" type="file" />
    <input type="submit" name="Submit" value="Send File" />

    if ($mode == 'addfile') include ('form.php');

    if ($Submit == "Send File") {
     $uploaddir = '/katalog/';
     $uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
     echo '<pre>';
     if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\n";
      } else { echo "Possible file upload attack!\n";}
     echo 'Here is some more debugging info:';
     print "</pre>";}

When I run form.php - the upload is working fine, I don't understand why the
identical form, which is printed at "index.php?mode=addfile", doesn't work
(message "Possible file upload attack!", array $_FILES empty). The same
happens when the upload form is printed with "echo" instead of "include
('form.php')". Does anyone know what is going on?

I'll appreciate any hint, cheers!


Re: file upload - not so simple...

TomR wrote:
Quoted text here. Click to load it

Where are you expecting the file to be saved? Don't forget filesystem
function work on the server root (not the document root.)

Site Timeline