Home/ Questions/Q 4018268
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-20T09:57:44+00:00

This code works properly in my localhost. I am using xampp 1.7.3. but when

  • 0

This code works properly in my localhost. I am using xampp 1.7.3. but when I put it in the live server it shows Possible file upload attack!. ‘upload/’ is the folder under ‘public_html’ folder on the server. I can upload files via other script in that directory.

<?php

$uploaddir = '/upload/';//I used C:/xampp/htdocs/upload/ in localhost. is it correct here?
$uploadfile = $uploaddir . basename($_FILES['file_0']['name']);

echo '<pre>';
if (move_uploaded_file($_FILES['file_0']['tmp_name'], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\\n";
} else {
    echo "Possible file upload attack!\\n";
}

echo 'Here is some more debugging info:';
print_r($_FILES);

print "</pre>";

?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You probably can’t move your file to /upload/ which is an “upload” folder at the root of the server file system, hence move_uploaded_file() reporting FALSE and your message. Plus, this /upload/ folder probably doesn’t even exist nor is it writeable.

    You probably want to move it to $_SERVER['DOCUMENT_ROOT'].'/upload/' which will point to your virtual host root (something like www or wherever you’re uploading your application files). Don’t forget to create this folder and to change its permissions accordingly (CHMOD 777 is a good idea).

    • 0