PHP move_uploaded_file/is_uploaded_file not accepting an uploaded SQL file (php-8.0.26 on Windows)


I have a script with a simple form that sends a file, using a POST request, that I want to copy into some directory in my web site tree, using the following code (in an include subdirectory of my site):

$uploaddir = dirname(dirname(__FILE__)) . '/uploads/';
$sqlfile = $uploaddir . $_FILES['sqlfile']['name'];
$tmpfile = $_FILES['sqlfile']['tmp_name'];

if (move_uploaded_file($tmpfile, $sqlfile)) {
    // Use $sqlfile
} else {
    echo "Can't move uploaded file";
}

As this code does not work, I tried:

if (is_uploaded_file($tmpfile)) {
    rename($tmpfile, $sqlfile);
}

but the result is the same.

However, if I suppress the test (or rather code it as "if (is_uploaded_file($tmpfile) || TRUE)" to be able to revert simply) then the rename works correctly and the file is correctly placed in my uploads directory.

I could leave the code as is, but I would really like to know why both is_uploaded_file and move_uploaded_file refuse to see my POST-uploaded file as valid. For what it's worth, it is an SQL script named "backup_ac6_form_2023_09_05__17_53.sql", has a size of about 2M, type application/octet-stream, and the temporary upload file is named "C:\myProgs\WampServer64\tmp\php1E7B.tmp" as can be seen below (result of print_r of $_FILES and $sqlfile):

_FILES  _FILES['sqlfile'] _FILES['sqlfile']['name'] "backup_ac6_form_2023_09_05__17_53.sql"
_FILES  _FILES['sqlfile'] _FILES['sqlfile']['type'] "application/octet-stream"
_FILES  _FILES['sqlfile'] _FILES['sqlfile']['tmp_name'] "C:\myProgs\WampServer64\tmp\php1E7B.tmp"
_FILES  _FILES['sqlfile'] _FILES['sqlfile']['error']    "0"
_FILES  _FILES['sqlfile'] _FILES['sqlfile']['size'] "2061255"
sqlfile:    "D:/www.acsys.com.fr/next/www/ac6-edit/uploads/backup_ac6_form_2023_09_05__17_53.sql"

Thanks to anyone who can provide some insight on the tests done by is_uploaded_file to decide my file was dangerous...


There is 1 answer

0
Bernard Dautrevaux On

Alberto Fecchi answers my question in his comment: passing realpath($tempfile) to is_/move_uploaded_file solves the problem; in my code I passed a Unix-like path, with forward slashes, and, obviously, that was the problem. Looks like these two PHP functions do not check that the file is in the proper directory, but that the file PATH starts with the proper directory name...

Anyway, that solved my problem, but a note in the PHP documentation would be nice, as I'm sure others may run into the same problem on Windows.
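
An added example (not the poster's code and not taken from the PHP manual) of the upload handler with the is_uploaded_file check kept in place instead of bypassed with `|| TRUE` and rename(): it tries the temporary path as PHP reported it, then the realpath() form the answer reports as working. The function name store_sql_upload and the file-name allowlist are assumptions made for the illustration.

```php
<?php
// Added illustration; store_sql_upload() and its parameters are hypothetical names.
function store_sql_upload(array $file, string $uploadDir): string
{
    // Reject failed or partial uploads before touching any path.
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed, error code ' . ($file['error'] ?? 'none'));
    }

    // Candidate spellings of the temp path: as PHP reported it, then the
    // realpath() form the answer reports as working on Windows.
    $candidates = [$file['tmp_name']];
    $real = realpath($file['tmp_name']);
    if ($real !== false && $real !== $file['tmp_name']) {
        $candidates[] = $real;
    }

    // The client-supplied name is untrusted: keep only the last path
    // component and accept a conservative character set ending in .sql.
    $name = basename(str_replace('\\', '/', $file['name']));
    if (!preg_match('/^[A-Za-z0-9_.-]{1,100}\.sql$/', $name)) {
        throw new RuntimeException('Unexpected file name');
    }

    $dir = realpath($uploadDir);
    if ($dir === false || !is_dir($dir)) {
        throw new RuntimeException('Upload directory missing');
    }
    $target = $dir . DIRECTORY_SEPARATOR . $name;

    // The uploaded-file check is never skipped: a path that fails it is
    // not moved, and there is no fallback to a bare rename().
    foreach ($candidates as $tmp) {
        if (is_uploaded_file($tmp) && move_uploaded_file($tmp, $target)) {
            return $target;
        }
    }
    throw new RuntimeException("Can't move uploaded file");
}

try {
    $saved = store_sql_upload($_FILES['sqlfile'] ?? [], dirname(__DIR__) . '/uploads');
    echo 'Stored as ', htmlspecialchars($saved);
} catch (RuntimeException $e) {
    http_response_code(400);
    echo htmlspecialchars($e->getMessage());
}
```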