-1

I'm new to this forum, so I hope I don't write anything wrong.

These days I'm trying to create a professional website, and the person I'm doing this for asked me to make a dynamic gallery so he can upload images easily. This code works well locally, but when I put it on the real website it doesn't work.

    <form action="admin.php" method="post" class="admin_form" enctype="multipart/form-data">
        <p>Seleziona l'immagine che vuoi aggiungere alla galleria: </p><br>
        <input type="file" name="file"><br><br>
        <button class="home hover" type="submit" name="img">Aggiungi Foto</button><br>
    </form>

    <?php
        // Handle the gallery upload once the form has been submitted
        if (isset($_POST['img'])){
            $file = $_FILES['file'];

            $fileName = $file['name'];
            $fileType = $file['type'];
            $fileTmpName = $file['tmp_name'];
            $fileError = $file['error'];
            $fileSize = $file['size'];

            // Lowercased extension taken from the client-supplied file name
            $fileExt = explode('.', $fileName);
            $fileActualExt = strtolower(end($fileExt));

            $allowed = array('jpg', 'jpeg', 'png');

            if (in_array($fileActualExt, $allowed)){
                if($fileError === 0){
                    if($fileSize < 1000000){

                        // Unique name under which the image is recorded in the database
                        $fileNameNew = uniqid('', true);
                        $fileNameFull = $fileNameNew.".".$fileActualExt;
                        $fileDestination = '/home/cupidoeventi/img/galleria/';
                        move_uploaded_file($fileTmpName, $fileDestination);
                        header("Location: admin.php?uploadsucces");

                        $query = "INSERT INTO `galleria`(`nomeimmagine`) VALUES ('$fileNameFull')";

                        $inserisciDati = mysqli_query($connessione,$query);

                        if(!$inserisciDati){
                            die('Query fallita' . mysqli_error($connessione));
                        }

                    }else{
                        echo "<p>Il file è troppo pesante!</p>";
                    }
                }else{
                    echo "<p>C'è stato un errore nel caricamento del file!</p>";
                }
            }else{
                echo "<p>Non puoi caricare questo tipo di file!</p>";
            }
        }
    ?>

And the error that it gives me is:

Warning: move_uploaded_file(/home/cupidoeventi/img/galleria/): failed to open stream: No such file or directory in /web/htdocs/www.onetvemilia.it/home/cupidoeventi/admin/admin.php on line 127 (I'm sure that this directory exists)

Warning: move_uploaded_file(): Unable to move '/tmp/phpSzEYpd' to '/home/cupidoeventi/img/galleria/' in /web/htdocs/www.onetvemilia.it/home/cupidoeventi/admin/admin.php on line 127

Elizzit
  • You specified a non-existing path. Remember that under *nix systems, a leading slash refers to the _root_ of the file system. – CBroe Sep 07 '20 at 08:00
  • And it's right that I try to reach the root, because it will be www.onetvemilia.it/cupidoeventi/img/galleria. I've also tried without /home, but it doesn't work either – Elizzit Sep 07 '20 at 08:49
  • You are confusing the domain root (applicable in an HTTP context), with the file system root here - those are two very different things. – CBroe Sep 07 '20 at 08:50
  • OK... now I'm really confused... – Elizzit Sep 07 '20 at 08:51
  • The error message already contains the full path to where your project is located … now all you need to do, is put two and two together. And if you don’t want to hard-code the path (because then that same code would probably not work locally), then you can indeed use `$_SERVER['DOCUMENT_ROOT']`, to make that part of it dynamic. – CBroe Sep 07 '20 at 08:53
  • OK... I've created this value `$root = $_SERVER['DOCUMENT_ROOT'];` and put it like this `$fileDestination = $root.'cupidoeventi/img/galleria/';` but it gave me these errors: Warning: move_uploaded_file(): The second argument to copy() function cannot be a directory in /web/htdocs/www.onetvemilia.it/home/cupidoeventi/admin/admin.php on line 126 Warning: move_uploaded_file(): Unable to move '/tmp/phpSn6HXH' to '/web/htdocs/www.onetvemilia.it/home/cupidoeventi/img/galleria/' in /web/htdocs/www.onetvemilia.it/home/cupidoeventi/admin/admin.php on line 126 – Elizzit Sep 07 '20 at 09:15
  • And, what is unclear about this? You need to provide a file name (resp., path and file name) as second argument for `move_uploaded_file`, but the value you provided, is clearly not one: `/web/htdocs/www.onetvemilia.it/home/cupidoeventi/img/galleria/` Maybe this still needs a little appending of `$fileNameFull` to the end of it, hm? – CBroe Sep 07 '20 at 09:20
  • **Warning:** You are wide open to [SQL Injections](https://stackoverflow.com/a/60496/1839439) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Sep 07 '20 at 10:37
  • Thank you, but I don't think so... anyone who wants to make any change on this page must be logged in, and I prevent an SQL injection from the login. Thank you anyway – Elizzit Sep 10 '20 at 19:11

1 Answer

0

I agree with CBroe: you probably specified the path relative to the server root, but you should make it absolute. Something like `$_SERVER['DOCUMENT_ROOT'] . your_path` is probably the real target.

MarvinLeRouge
  • So what should I put into the path? 'Cause if I put the real path (www.onetvemilia.it/cupidoeventi/img/galleria) it doesn't work, naturally. If I put just cupidoeventi/img/galleria it doesn't work, also with a / at the beginning. The location of the file that I'm using is cupidoeventi/admin, so I've also tried with ../ but this doesn't work either... I really don't know what to do... – Elizzit Sep 07 '20 at 08:46
  • _“cause if i put the real path (www.onetvemilia.it/cupidoeventi/img/galleria) it doesn't work naturly”_ - that is a URL, not a file system path. – CBroe Sep 07 '20 at 08:50
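
The points raised in the comments and the answer above (a file-system destination built from `$_SERVER['DOCUMENT_ROOT']`, a file name appended to it, and a prepared statement for the insert), put together as an added example that is not code from any of the posters. The function and constant names are hypothetical; the table, column, directory and `$connessione` names are those shown in the question, and the MIME check with `finfo` and the random file name are additions that keep client-supplied values out of the path and the query.

```php
<?php
declare(strict_types=1);

// Added example: function and constant names are hypothetical; the table, column
// and directory names are the ones shown in the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // query errors throw
const GALLERY_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png'];

function gallery_dir(): string
{
    // A file-system path, not a URL: DOCUMENT_ROOT is the directory the site's "/" maps to.
    $dir = rtrim($_SERVER['DOCUMENT_ROOT'], '/') . '/cupidoeventi/img/galleria';
    if (!is_dir($dir) || !is_writable($dir)) {
        throw new RuntimeException("Upload directory missing or not writable: $dir");
    }
    return $dir;
}

function store_gallery_upload(array $file, mysqli $db): string
{
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed, error code ' . $file['error']);
    }
    if ($file['size'] >= 1000000) {
        throw new RuntimeException('File is too large');
    }
    // Type comes from the file contents; the client-sent name and type are untrusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext = GALLERY_TYPES[$mime ?: ''] ?? null;
    if ($ext === null) {
        throw new RuntimeException('Only JPEG and PNG images are accepted');
    }
    // Server-generated name, so nothing from the client reaches the path or the query.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;

    // The second argument is directory plus file name, never the directory alone.
    if (!move_uploaded_file($file['tmp_name'], gallery_dir() . '/' . $name)) {
        throw new RuntimeException('Could not move the uploaded file');
    }
    // Parameterized insert instead of interpolating the value into the SQL string.
    $stmt = $db->prepare('INSERT INTO `galleria` (`nomeimmagine`) VALUES (?)');
    $stmt->bind_param('s', $name);
    $stmt->execute();
    return $name;
}

// Usage in admin.php, before any HTML is sent (header() needs that):
// if (isset($_POST['img'])) { store_gallery_upload($_FILES['file'], $connessione);
//     header('Location: admin.php?uploadsucces'); exit; }
```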