Home/ Questions/Q 8337037
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-09T04:10:24+00:00

When I try to upload a file in PHP, It will not let me.

  • 0

When I try to upload a file in PHP, It will not let me. After dumping variables here and there, I got this:

Invalid file!
!
NULL
24M
32MNULL

Which came from this:

echo "Invalid file!"; //So, we screwed up...
echo "<br />" . $ext . "!<br />";
echo var_dump($_FILES['fileupl']);
echo "<br />" . ini_get('upload_max_filesize');
echo "<br />" . ini_get('post_max_size');
echo "<br />" . var_dump($_FILES['error']);

Any file I upload will return that.
I’m trying to upload any file that is: .zip, .jar, .png for a little minecraft file sharing platform.

Variables:

$title = $_POST['title'];
    $desc = $_POST['desc'];

    $type = $_GET['type'];

    //File stuff
    $name = $_FILES['fileupl']['name'];
    $rname = $_FILES['fileupl']['tmp_name'];
    $ftype = $_FILES['fileupl']['type'];
    $size = $_FILES['fileupl']['size'];
    $ext = strrchr($rname, '.');
    $allowedExtensions = array(".zip", ".jar", ".png");

Code:

if (!in_array(end(explode(".",
            strtolower($name))),
            $allowedExtensions)) { 

            echo "Invalid file!"; //dafuq, how'd you screw that up man?
            echo "<br />" . $ext . "!<br />";
            echo var_dump($_FILES['fileupl']);
            echo "<br />" . ini_get('upload_max_filesize');
            echo "<br />" . ini_get('post_max_size');
            echo "<br />" . var_dump($_FILES['error']);
        }
        else
        {
            $uploaddir = './content/';

            //Begin file shizzle

            if (is_uploaded_file($_FILES['fileupl']['tmp_name'])) //Is the file uploaded?
            {
                $uploadfile = $uploaddir . basename($name);
                echo $name . " Uploaded successfully.";
                if (move_uploaded_file($rname, $uploadfile))
                {
                    echo $name . " (" . display_filesize($size) . ") Successfully uploaded!";
                    $q = mysql_query("INSERT INTO `content`(`type`, `creator`, `title`, `description`, `filename`) VALUES('" . mysql_real_escape_string($type) . "', '" . $username . "', '" . mysql_real_escape_string($title) . "', '" . mysql_real_escape_string($desc) . "', 'Anon')");
                    if (!$q)
                    {
                        echo "mySQL execution failed!";
                    }
                    else
                    {
                        echo "Uploaded to database!";
                    }
                }
                else
                {
                    echo "File could not be moved!";
                }

            }
            else
            {
                echo "File could not be uploaded!";
                echo var_dump($_FILES['fileupl']);
                echo "<br />" . ini_get('upload_max_filesize');
                echo "<br />" . ini_get('post_max_size');
            }
        }

I’ve tried just about everything and would greatly appreciate it if someone knew what was happening.

Thanks!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    As you mentioned after fixing the form, you’re now seeing: (I’ve edited for clarity)

    Invalid file! 
!    
array(5) { ["name"]=> string(17) "EasyMinecraft.zip" ["type"]=> string(15) "application/zip" ["tmp_name"]=> string(14) "/tmp/php87jMDe" ["error"]=> int(0) ["size"]=> int(4325565) } 
24M 
32MNULL 
Array ( [fileupl] => Array ( [name] => EasyMinecraft.zip [type] => application/zip [tmp_name] => /tmp/php87jMDe [error] => 0 [size] => 4325565 ) )

    This shows that $ext is empty. The relevant lines of the variable assignment are:

    $rname = $_FILES['fileupl']['tmp_name'];
$ext = strrchr($rname, '.');

    So, what’s $_FILES['fileupl']['tmp_name']? Your output shows it to be /tmp/php87jMDe, which is clearly not going to work when you attempt to find everything after a ‘.’ in it, as there is no period in it. You probably want to change that first line to use the actual name, as opposed to the tmp_name, e.g.:

    $rname = $_FILES['fileupl']['name'];

    You’re also going to have an error with this conditional:

    if (!in_array(end(explode(".",
            strtolower($name))),
            $allowedExtensions)) {

    Note that end(explode(".", strtolower($name))) is going to give you just ‘zip’, not ‘.zip’. I’m not sure why you’re trying to redected the extension here, rather than using the $ext you already created? I’d suggest lower-casing $ext when you create it, and I think you should be good to go then?

    • 0