upload file issue

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
First of all I am rather new into PHP. I use php 5 and I am putting  
together a web site for a local association I belong too.
Most of the site is okay, except for this problem :

I need to be able for the member of the site to upload files (gif, jpg  
or pdf). After reading a lot about the danger of file uploading, I  
decided to create a folder at the root of the web server. The upload of  
the files goes on without any problem, but when i tried to show some of  
the file (such as the image files), the system does not retrieve them.

Here is the the tree of my web server :
/website (folder where all of the web site is build with *.php files)
    /images (folder where all the images files are uploaded)
    /pdf (files where all the pdf files are uploaded)

The bit of code doing the uploads works fine, but I can not find a way  
to retrieve the files. When I code in the php file :
echo '<img src="../uploads/images/test.gif">';
The browser is in fact looking for a file name  
www.mywebsite.com/uploads/images/test.gif which of course does not exist.

I tried to look on the web for an answer but did not find one. Could any  
one points me out to a tutorial for this subject, or will be good enough  
to help with a solution, bearing in mind that I am by no mean an expert  
in php.

Thank you.

Re: upload file issue

Quoted text here. Click to load it

I am sure that there may be another solution, but I think that you cannot  
path back outside of your webserver. I'd bet that if you moved the 'uploads'  
folder inside the 'website' folder and change the link accordingly, it would  

As www.mywebsite.com and the website folder should be the same ... I take it  
that having <img src='../../uploads/images/test.gif'> makes no difference?

Re: upload file issue

Sean a écrit :
Quoted text here. Click to load it
It works fine if I move the 'uploads' folder back on the web site, but  
as it needs to be chmod 777, it is now open to everyone, and might  
become a security issue on my server.

I read that by putting it outside the web folder, it could not be access  
by browsing, but I can not find any way to retrieve the folder, even  
that I can put them without any problem.

Quoted text here. Click to load it

Re: upload file issue

Emmanuel Petit wrote:
Quoted text here. Click to load it

The problem is that when you try to load the image, the user is  
browsing.  From the request to the server, there is absolutely no  
difference between:


and loading a page with

   <img src="/image.jpg"...>

Both result in a GET request from the browser to the server to retrieve  
the image.

You could do something like create a php file which serves the images  
from the other folder, but that's the hard way.

The real problem is why do you think the images have to be chmod 777.  
That's absolutely incorrect.  All they need is 400 and owned by the  
webserver's userid, for instance.

Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.

Re: upload file issue

Quoted text here. Click to load it

You can make it all fancy-like, or simple.... depending on what you  
need.  But if you have the GD library and you're set on keeping images  
above the webserver, you can do something like this... I'll call this  
file "imagedisplay.php";


if you wanted, you could have the database figure out which image to get  
based on a 'file key' or something, or another db call... for this  
example, i'm putting the image name right in the code.

$vImg = "donut.jpg";  

header("Content-type: image/jpeg");
if(file_exists($vImg)) {
    $img_handle = imagecreatefromjpeg($vImg) or die("");



In your code, it's just:

<img src="imagedisplay.php?vKey=xyydjaj" alt="My Image" />

Re: upload file issue

Quoted text here. Click to load it

Actually, $vImg would likely be  

Re: upload file issue

Good Man a écrit :
Quoted text here. Click to load it
Thank you all for your help, I shall put that on test, and see how I get  
from there...

Site Timeline