I'm using a form for uploading an image to my img folder. The error code of the photo array is 0, that means that there isn't any error and the file was uploaded successfully, but it wasn't... This is the code I have:
This is the HTML:
<form enctype="multipart/form-data" method="post" action="upload.php">
<label>Thumbnail:</label>
<input name="thumbnail" type="file">
<input type="submit">
</form>
This is the upload.php file:
<?php
$uploaddir = 'img/';
$uploadfile = $uploaddir . basename($_FILES['thumbnail']['name']);
echo $uploadfile;
echo '<pre>';
if (move_uploaded_file($_FILES['thumbnail']['tmp_name'], $uploadfile)) {
echo "File is valid, and was successfully uploaded.
";
} else {
echo "Possible file upload attack!
";
}
echo 'Here is some more debugging info:';
print_r($_FILES);
print "</pre>";
?>
I've put a print_r($_FILES) because I want to see the array... This is what I get after uploading the picture:
Array
(
[thumbnail] => Array
(
[name] => Stack.png
[type] => image/png
[tmp_name] => /tmp/phpEo6Gu5
[error] => 0
[size] => 482278
)
)
And, if you look here, you can see that error 0 corresponds to:
There is no error, the file uploaded with success.
But I don't have any files in my folder... This is the tree-view of the folders:
|test
|||img (folder)
|||||somephoto.png
|||||otherphoto.png
|||upload.php
But there isn't any photo in there because I can't upload them... What am I doing wrong?
Thanks!
EDIT: I know there are a lot of security risks here, but I'm only testing in my local machine, later, if it works, I'll add all the security-related code.
The file is uploaded to a temporary folder, as print_r($_FILES) showed, the actual file is /tmp/phpEo6Gu5.
You have to use move_uploaded_file() to move this file to its final destination. Example:
move_uploaded_file($_FILE['thumbnail']['tmp_name'], 'img/final_name.png');
Do not trust $_FILE['thumbnail']['name'] or $_FILE['thumbnail']['type'] as safe and valid, because this comes from client-side and can be twisted by an ill-intentioned user to exploit security issues in your site.
In addition, make sure the user account your script runs with has permission to write to the final directory. Easy way to solve that would be running chmod 777 img in your shell (gives full read+write+execute permission to everyone in folder img).
Have you tried moving the file from the Temporary directory to your current directory?
PHP uploads to the tmp folder on your server. You will need to use the move_uploaded_file function to get this to another directory:
move_uploaded_file($_FILE['thumbnail']['tmp_name'], 'img/image.png');