Error Uploading Images to my server

Question

I'm trying to upload an image to my server as follow:

HTML CODE

<html>
<body>


<form enctype="multipart/form-data" action="uploadimages.php" method="POST">

<input type="hidden" name="MAX_FILE_SIZE" value="3000000" />

Send this file: <input name="userfile" type="file" />
<input type="submit" value="Send File" />
</form>

</body>
</html>

Here is the uploadimages.php code: I also tried with: $uploaddir = '/var/www/html/images/'; and have the same issue.

<?php

$uploaddir = 'http://localhost/images/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
echo "File is valid, and was successfully uploaded.\n";
} else {
echo "Possible file upload attack!\n";
}

echo 'Here is some more debugging info:';
print_r($_FILES);

print "</pre>";

?>

But when I click the button to send file I get the following screen:

Thank you for your help

UPDATE:

So I changed:

<form enctype="multipart/form-data" action="uploadimages.php" method="POST">

to

   <form enctype="multipart/form-data" action="http://localhost/uploadimages.php" method="POST">

Now I get this error:

Nota: Chris' answer is the one you should be accepting, since that is the main problem here. — Funk Forty Niner, Apr 04 '16 at 21:30
As an aside, you should also note your code is vulnerable to remote code execution (assuming the `images` folder is actually in the document root as it appears to be). — Chris, Apr 05 '16 at 17:38

score 2 · Answer 1 · answered Apr 04 '16 at 21:16

2

You're using a server path

$uploaddir = 'http://localhost/images/';

where you should be using a relative/system path.

$uploaddir = 'images/';

Adjust accordingly depending on the script's location of execution.

It could be ../images/, only you know that.

or

$uploaddir = '/var/rest_of_your_path/to/images/';

Also make sure the folder can be written to.

RTM on move_uploaded_file() http://php.net/manual/en/function.move-uploaded-file.php

and check for errors

http://php.net/manual/en/function.error-reporting.php

Plus, seeing value="30000" seems a bit low. Make sure you're not uploading a file bigger than that and that it doesn't exceed the max upload size.

answered Apr 04 '16 at 21:16

Funk Forty Niner

74,450
15
68
141

See Chris' answer also. He made a valid point. Consult the following on Stack http://stackoverflow.com/questions/5121495/php-code-is-not-being-executed-i-can-see-it-on-source-code-of-page – Funk Forty Niner Apr 04 '16 at 21:22
I changed the size value to 3000000, the path of the php file when call for action in the HTML code and I tried all combinations for the $uploaddir = 'images/'; '/var/rest_of_your_path/to/images/';, etc and now I'm getting a different issue. Please see my update in the initial post. Thanks – S. Martin Apr 04 '16 at 21:54
@S.Martin your action should be the file itself and not `action="http://localhost/uploadimages.php"` and also see Chris' answer. – Funk Forty Niner Apr 04 '16 at 21:58
@S.Martin another thing this is that you need to access your HTML form like this `http://localhost/form.html` (if `.html`) instead of a probable `c:///file.xxx` and use `action="uploadimages.php` if both are inside the same folder. While making sure you do have a webserver/PHP installed. – Funk Forty Niner Apr 04 '16 at 22:00
@ Fred -ii Thank you again. I did as directed. runned the file from my localhost and used: action="uploadimages.php However, I keep getting the same error as for the Update. webserver Apache is installed and working I do have other files that I ran using PHP and working correctly. – S. Martin Apr 04 '16 at 22:20
@S.Martin See this answer on Stack http://stackoverflow.com/a/5147533/ as it could also be a permissions issue and the path (all folders/sub-folders) to it cannot be written to it. See the examples I've left in my answer also. – Funk Forty Niner Apr 04 '16 at 22:44

score 2 · Answer 2 · answered Apr 04 '16 at 21:20

To be honest, it looks like the biggest problem is that your code isn't even running on a web server. You can't just open a PHP file in a web browser and expect it to be magically interpreted. You need to install Apache or Nginx and access your file via that.

Error Uploading Images to my server

2 Answers2