Home/ Questions/Q 7019171
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T23:08:55+00:00

I’m making a image uploader but I have come across 2 errors. Which are:

  • 0

I’m making a image uploader but I have come across 2 errors. Which are:

Warning: move_uploaded_file(upload/Corgi 007.jpg) [function.move-uploaded-file]: failed to open stream: No such file or directory in /home/stationr/public_html/admin/doupload.php on line 12

Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/chroot/tmp/phpMvRSbS' to 'upload/Corgi 007.jpg' in /home/stationr/public_html/admin/doupload.php on line 12

The errors are occuring when I call the move_uploaded_file() method. Here is my code (note this has no error checking what so ever it is just bare ones uploading).

    <?php
error_reporting(E_ALL);
error_reporting(-1);
ini_set('error_reporting', E_ALL);

$filename = $_FILES["file"]["name"];
$filesize = $_FILES["file"]["size"];

move_uploaded_file($_FILES["file"]["tmp_name"],"upload/$filename");

?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You’ve failed to check if the upload succeeded at all:

    if ($_FILES['file']['error'] === UPLOAD_ERR_OK) {
   move file ...
} else {
   die("Upload failed with error code " . $_FILES['file']['error']);
}

    The error codes are documented here: http://www.php.net/manual/en/features.file-upload.errors.php

    As well, is there a “upload” subdirectory in whatever your script’s current working directory is? Does the web server process have write permissions on that directory?

    And as a MAJOR security hole, blindlly using the ['name'] parameter of the upload as your target filename allows a malicious user to scribble on ANY file on your server. Never ever blindly use that filename. If the upload filename is provided as (say) ../../../../../../etc/passwd, you’ve now allowed someone to replace your system password file.

    • 0