Revisiting uploading a graphic w/ an OS X server

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hi all, thanks for all your help last time.. Unfortunately I couldn't get
any of the suggestions to work and because of time constraints I had to go
to something that I knew worked... But I'd like to revisit this because I
really want this option to run locally on the os x server...

Basically I have this string of code:

if($file_name !="")
copy ("$file", "/Library/WebServer/Documents/olcg/admin/$file_name")
         or die("Could not copy file");
else { die("No file specified"); }
    // If a ITL has been submitted,
    // add it to the database.
      if (@mysql_query($sql)) {
        echo('<p><b><center>Your Tile Ad has been uploaded and
      } else {
        echo('<p>Error adding submitted ITL: ' .
             mysql_error() . '</p>');
                      <strong>Your Tile Graphic Has Been uploaded. </strong>
                          <li>Sent: <?php echo "$file_name"; ?>
                          <li>Size: <?php echo "$file_size"; ?> bytes
                          <li>Type: <?php echo "$file_type"; ?>
                        <p><img src="<?php echo "$file_name" ?>"> </p>

I keep getting the error Could not copy file... When I look at the error log
it tells me:

[Thu Feb  3 09:57:22 2005] [error] PHP Notice:  Undefined variable:
file_name in
/Library/WebServer/Documents/olcg/admin/edit/tilegraphicsubmit.php on line

When I move this to a linux server running php 4 and mysql (the exact same
thing this server is running) it works great. Any help would be appreciated
in helping me figure out why this isn't working.

Re: Revisiting uploading a graphic w/ an OS X server wrote:
Quoted text here. Click to load it
Quoted text here. Click to load it

If that file is being run literally, then you have two problems.

First, it looks like you're coding to the register_globals option being
on, which is generally considered insecure and obsolete. The default is
to have this off. Go to for more

Second, you've probably got a huge security hole, in that anyone with
access to this script over the web can copy arbitrary files on your
filesystem into web-readable space. You may also have SQL injection and
HTML/JavaScript injection vulnerabilities.

-- brion vibber (brion @

Site Timeline