0

I did a upload system and I was testing it on my computer, using a localhost xampp server, it was working fine but I moved it to a host and I get this error:

PHP Warning:  Unknown: open_basedir restriction in effect. File(C:\Windows\TEMP) is not within the allowed path(s): (E:\Domains\site.com) in Unknown on line 0
PHP Warning:  File upload error - unable to create a temporary file in Unknown on line 0
PHP Warning:  file_get_contents() [<a href='function.file-get-contents'>function.file-get-contents</a>]: Filename cannot be empty in E:\Domains\site.com\wwwroot\admin\addexec.php on line 12
PHP Warning:  getimagesize() [<a href='function.getimagesize'>function.getimagesize</a>]: Filename cannot be empty in E:\Domains\site.com\wwwroot\admin\addexec.php on line 14

Following here the file:

addexec.php

<?php

    include('connect.php');

        if (!isset($_FILES['image']['tmp_name'])) {
        echo "";
        }else{
        $file=$_FILES['image']['tmp_name'];
        $image= addslashes(file_get_contents($_FILES['image']['tmp_name']));
        $image_name= addslashes($_FILES['image']['name']);
        $image_size= getimagesize($_FILES['image']['tmp_name']);


            if ($image_size==FALSE) {

                echo "That's not an image!";

            }else{

                move_uploaded_file($_FILES["image"]["tmp_name"],"../reservation/img/products/" . $_FILES["image"]["name"]);

                $location=$_FILES["image"]["name"];
                $pname=$_POST['pname'];
                $desc=$_POST['desc'];
                $price=$_POST['price'];
                $cat=$_POST['cat'];



                $update=mysql_query("INSERT INTO products (imgUrl, product, Description, Price, Category)
    VALUES
    ('$location','$pname','$desc','$price','$cat')");
    header("location: products.php");
                exit();

                }
        }
    ?>

I don't know how I can set a temp folder exactly, I need some help to solve this. What can I do? I already set the permissions on the server to 777 and turned off the php safe mode.

The Guy with The Hat
  • 10,836
  • 8
  • 57
  • 75
Tsukki
  • 33
  • 5
  • RTFM? http://www.php.net/manual/en/ini.core.php#ini.upload-tmp-dir – Marc B Mar 23 '14 at 05:38
  • You need to uncomment `open_basedir` on your PHP.ini. – Shankar Narayana Damodaran Mar 23 '14 at 05:39
  • Your code is vulnerable to SQL injections; you should read on [how to prevent them in PHP](http://stackoverflow.com/q/60174/53114). You should also check the uploaded file name’s extension, otherwise one could upload any file, including `.php` files. – Gumbo Mar 25 '14 at 21:42

1 Answers1

0

; Whether to allow HTTP file uploads.

file_uploads=On

; Temporary directory for HTTP uploaded files (will use system default if not ; specified).

upload_tmp_dir="D:\xampp\tmp"

try to change above mentioned place in php.ini may be it will work for you.

Indrasinh Bihola
  • 2,094
  • 3
  • 23
  • 25