Я в php ученик, начнём с этого. Писал загрузку изображений на сервер. Сначала сам. Ничего не получалось, час за часом. Потом скопировал из мануала код, подставив свои нужные папки и файл. И всё равно ничего не пашет. Вот код:
. "фал во временной папке" выводится, вместе с ошибкой :
файл во временной папке
Warning: move_uploaded_file(/public_html/php/images1.jpg): failed to open stream: No such file or directory in /home/l31614/public_html/php/php/addfoto.php on line 13
Warning: move_uploaded_file(): Unable to move ‘/tmp/phpjmqJwF’ to ‘/public_html/php/images1.jpg’ in /home/l31614/public_html/php/php/addfoto.php on line 13
. т.е. проблема в этой строке:
. но где именно я понять не могу.
Права записи в /public_html/php/images поставил.
Problem is that i don’t get an error when uploading a file, instead this shows which should be correct:
Upload: images.jpeg Type: image/jpeg Size: 5.8603515625 kB Temp file: /tmp/phpZ67YXk Stored in: upload/images.jpeg
But no file is saved on the server.
I don’t know what is wrong but I’m thinking in terms of permission, still there is a folder named upload with 777 permissions.
These php-files are hosted on a online web host so I don’t run this locally.
(PHP 4 >= 4.0.3, PHP 5, PHP 7)
move_uploaded_file — Moves an uploaded file to a new location
This function checks to ensure that the file designated by filename is a val >destination .
This sort of check is especially important if there is any chance that anything done with uploaded files could reveal their contents to the user, or even to other users on the same system.
The filename of the uploaded file.
The destination of the moved file.
Returns TRUE on success.
If filename is not a val >move_uploaded_file() will return FALSE .
If filename is a val >move_uploaded_file() will return FALSE . Additionally, a warning will be issued.
Example #1 Uploading multiple files
move_uploaded_file() is both safe mode and open_basedir aware. However, restrictions are placed only on the destination path as to allow the moving of uploaded files in which filename may conflict with such restrictions. move_uploaded_file() ensures the safety of this operation by allowing only those files uploaded through PHP to be moved.
If the destination file already exists, it will be overwritten.
- is_uploaded_file() — Tells whether the file was uploaded via HTTP POST
- rename() — Renames a file or directory
- See Handling file uploads for a simple usage example
User Contributed Notes 40 notes
Security tips you must know before use this function :
First : make sure that the file is not empty.
Second : make sure the file name in English characters, numbers and (_-.) symbols, For more protection.
You can use below function as in example
* Check $_FILES[name]
* @param (string) $filename — Uploaded file name.
* @author Yousef Ismaeil Cliprz
function check_file_uploaded_name ( $filename )
(bool) (( preg_match ( "`^[-0-9A-Z_.]+$`i" , $filename )) ? true : false );
Third : make sure that the file name not bigger than 250 characters.
* Check $_FILES[name] length.
* @param (string) $filename — Uploaded file name.
* @author Yousef Ismaeil Cliprz.
function check_file_uploaded_length ( $filename )
return (bool) (( mb_strlen ( $filename , "UTF-8" ) > 225 ) ? true : false );
Fourth: Check File extensions and Mime Types that you want to allow in your project. You can use : pathinfo() http://php.net/pathinfo
or you can use regular expression for check File extensions as in example
or use in_array checking as
= array( ‘gif’ , ‘jpg’ , ‘jpe’ , ‘jpeg’ , ‘png’ );
You have multi choices to checking extensions and Mime types.
Fifth: Check file size and make sure the limit of php.ini to upload files is what you want, You can start from http://www.php.net/manual/en/ini.core.php#ini.file-uploads
And last but not least : Check the file content if have a bad codes or something like this function http://php.net/manual/en/function.file-get-contents.php.
You can use .htaccess to stop working some scripts as in example php file in your upload path.
AddHandler cgi-script .php .pl .jsp .asp .sh .cgi
Do not forget this steps for your project protection.
nouncad at mayetlite dot com posted a function that uploaded a file, and would rename it if it already existed, to filename[n].ext
It only worked for files with extensions exactly three letters long, so I fixed that (and made a few other improvements while I was at it).
// Usage: uploadfile($_FILE[‘file’][‘name’],’temp/’,$_FILE[‘file’][‘tmp_name’])
function uploadfile ( $origin , $dest , $tmp_name )
$origin = strtolower ( basename ( $origin ));
$fulldest = $dest . $origin ;
$filename = $origin ;
for ( $i = 1 ; file_exists ( $fulldest ); $i ++)
$fileext = ( strpos ( $origin , ‘.’ )=== false ? » : ‘.’ . substr ( strrchr ( $origin , "." ), 1 ));
$filename = substr ( $origin , 0 , strlen ( $origin )- strlen ( $fileext )). ‘[‘ . $i . ‘]’ . $fileext ;
$fulldest = $dest . $newfilename ;
if ( move_uploaded_file ( $tmp_name , $fulldest ))
return $filename ;
return false ;
move_uploaded_file (on my setup) always makes files 0600 ("rw- — —") and owned by the user running the webserver (owner AND group).
Even though the directory has a sticky bit set to the group permissions!
I couldn’t find any settings to change this via php.ini or even using "umask()".
I want my regular user on the server to be able to "tar cjf" the directory .. which would fail on files totally owned by the webserver-process-user;
the "copy(from, to)" function obeys the sticky-bit though!
To nouncad at mayetlite dot com,
That function will work fine for files with a 3-character file extension. However, it is worth noting that there are valid, registered file extensions that are longer than 3 characters. For example, a JPEG file can be denoted by *.jpg (and others), but it can also have *.jpeg as a valid extension. Check out http://www.filext.com/ for a good reference of file extensions.
The best bet to me would be parsing the uploaded file’s name ($_FILES[‘uploadedfile’][‘name’]) based on the presence of dots. Another wrench in the gears: a file can have dots in the filename. That’s easy enough to handle — just explode() the file name and hope that the last element in the array it gives you is the file extension (you can always validate it if you’re so inclined). Then just piece it together in a string accordingly by stepping through the array (don’t forget to add those dots back to where they were!), appending a guaranteed unique string of characters (or enumerate it like you were doing, keeping track via a loop), and finally tacking on the file extension.
You may have other mechanisms for verifying a file’s extension, such as a preg_match on the whole name, using something like "/\.(gif|jpg|jpeg|png|bmp)$/i" (more can, of course, be added if you so desire) for the most common types of images found on the web.
For blindly guaranteeing an uploaded file will be uniquely named, this seems like a fantastic way to go. Enjoy!
I have the same problem as the person two comments below me. When I use the move_uploaded_file function the permissions for the file are set to 0600. No matter what configurations you set.
I searched the internet and I found more people with the same problems, but no solutions. I set the umask of apache to 013 and still the files were set to 0600.
The copy function solves the problem. Another way to solve this problem is using the chmod function after uploading.
I have for a couple of years been stymed to understand how to effectively load images (of more than 2MB) and then create thumbnails. My note below on general file uploading was an early hint of some of the system default limitations and I have recently discovered the final limit I offer this as an example of the various missing pieces of information to successfully load images of more than 2MB and then create thumbnails. This particular example assumes a picture of a user is being uploaded and because of browser caching needs a unique number at the end to make the browser load a new picture for review at the time of upload. The overall calling program I am using is a Flex based application which calls this php file to upload user thumbnails.
The secret sauce is:
1. adjust server memory size, file upload size, and post size
2. convert image to standard formate (in this case jpg) and scale
The server may be adjusted with the .htaccess file or inline code. This example has an .htaccess file with file upload size and post size and then inline code for dynamic system memory.
php_value post_max_size 16M
php_value upload_max_filesize 6M
// $img_base = base directory structure for thumbnail images
// $w_dst = maximum width of thumbnail
// $h_dst = maximum height of thumbnail
// $n_img = new thumbnail name
// $o_img = old thumbnail name
function convertPic ( $img_base , $w_dst , $h_dst , $n_img , $o_img )
< ini_set ( ‘memory_limit’ , ‘100M’ ); // handle large images
unlink ( $img_base . $n_img ); // remove old images if present
unlink ( $img_base . $o_img );
$new_img = $img_base . $n_img ;
$file_src = $img_base . "img.jpg" ; // temporary safe image storage
unlink ( $file_src );
move_uploaded_file ( $_FILES [ ‘Filedata’ ][ ‘tmp_name’ ], $file_src );
list( $w_src , $h_src , $type ) = getimagesize ( $file_src ); // create new dimensions, keeping aspect ratio
$ratio = $w_src / $h_src ;
if ( $w_dst / $h_dst > $ratio ) < $w_dst = floor ( $h_dst * $ratio );>else < $h_dst = floor ( $w_dst / $ratio );>
switch ( $type )
$img_src = imagecreatefromgif ( $file_src );
case 2 : // jpeg -> jpg
$img_src = imagecreatefromjpeg ( $file_src );
case 3 : // png -> jpg
$img_src = imagecreatefrompng ( $file_src );
$img_dst = imagecreatetruecolor ( $w_dst , $h_dst ); // resample
imagecopyresampled ( $img_dst , $img_src , 0 , 0 , 0 , 0 , $w_dst , $h_dst , $w_src , $h_src );
imagejpeg ( $img_dst , $new_img ); // save new image
unlink ( $file_src ); // clean up image storage
imagedestroy ( $img_src );
imagedestroy ( $img_dst );
$p_id = (Integer) $_POST [ uid ];
$ver = (Integer) $_POST [ ver ];
$delver = (Integer) $_POST [ delver ];
convertPic ( "your/file/structure/" , 150 , 150 , "u" . $p_id . "v" . $ver . ".jpg" , "u" . $p_id . "v" . $delver . ".jpg" );