Uploading an image
Posted by enquirer (enquirer), 14 September 2003I have a problem with uploading an image to the database. I've tried bits of code from various sources but to no avail. Would be grateful if you could help.
and later ...
I've worked out that the problem is to do with where PHP uploads the file too.
PHP has a temp directory that it puts uploaded files into. However, the problem I am getting is that although the file is uploaded ok and PHP will return information about the file , such as type, size, etc., it won't let me touch the file in any way, i.e., copy it, fopen it, etc.
This would seem to be an issue of permissions on the directory that PHP uses.
I note from looking at various forums, scripts and so on, that everyone is saying make sure the directory you are uploading too is chmod 777. But if PHP is setting the temp directory to use, the people managing the servers seem reluctant to do this for security reasons.
Posted by admin (Graham Ellis), 14 September 2003I've been looking at uploads - I did a sanity check for myself / wrote a test routine that works on my ISP's system - it follows at the end of this post. Testable at http://www.wellho.net/demo/upload.php4.
I did note that you used $_FILE (singular) in the code you sent me by email, but the global variable is $_FILES ( plural), and I wondered - in spite of your further analysis that points at the ISP - whether this is something to do with the problem? You might like to try my code, which should be domain and directory independent, to see if it works on your ISP; you would need to set the directory from which you run it as writable by the webserver, or create files called demopic.jpg, demopic.gif and demopic.png which are writable by the webserver.
I'm a little doubtful that the problem really is your ISP in the way you describe; if the file can be written to /tmp but not read back, that's a very odd set of permissions. You are correct, though, that ISPs are very wary about giving public access to /tmp and it can often be an area that they're unwilling to support in PHP even if they support everything else. As far as I can see, the file content does NOT turn up in your PHP in any global variables (it would ruin the whole point of the temporary file if it did), so IF your ISP really is the problem, I can't hold out much hope unless you can persuade them to make a change. They might be happier to change their php.ini so that the upload_tmp_dir is somewhere else on their system and doesn't share with the systemwide /tmp directory, but they would still need to give it pretty public permisssions. Just a thought.
Posted by admin (Graham Ellis), 14 September 2003(further question by email ...)
The code being run reports the file as having been uploaded to /var/tmp i.e., the master temp directory. Do you think this is an issue?
I don't think there's any way of you to override the temporary settings; the master one is the one that comes with PHP and the local one is as set from the php.ini file. The manual says
which doesn't point to any ways at all that gives you control ...
When you think of it, it's pretty unlikely that you could control from a .php page where the upload is to; after all, the upload is done before you script starts to run .... so ini_set is of no help (and its manual confirms that you can set the variable in php.ini and httpd.conf only.)
Whether the files are in /tmp or /var/tmp won't make a huge difference as long as you can get the right permissions, and you're trying to access the right file in the right place (i.e. they're not mixed up in the code). Perhaps your ISP would like to provide a /phpupload directory to keep uploads away from /tmp and /var/tmp, and run a cron job to clear any rubbish (files over 30 minutes old) out of that directory every hour or so. You may pass on my suggestion.
PH: 01144 1225 708225 • FAX: 01144 1225 899360 • EMAIL: email@example.com • WEB: http://www.wellho.net • SKYPE: wellho