Eh, ten kod je nejaka silena haluz. Poslal jsi to cele? Tohle snad nemohlo fungovat ani na ic.cz? Ono si to stezuje, ze soubor neni v povolene ceste...ta chyba presne je "soubor '' neni v povolene ceste '/home/user...'". Proste proto, ze nevi jaky soubor a bere zadny. Problem je ve tve konstrukci prikazu copy, kde beres $soubor, ktery predtim nikde neinicializujes. Mozna na nejak blbe nastavenem serveru bez safe modu jeste funguje takova ta autoregistrace promennych, kazdopadne na vetsine serveru to tak neni.
Priklad spravne napsaneho upload skriptu je primo v manualu PHP:
Kód:
<form enctype="multipart/form-data" action="_URL_" method="post">
Send this file: <input name="userfile" type="file">
<input type="submit" value="Send File">
</form>
Kód:
<?php
// In PHP earlier then 4.1.0, $HTTP_POST_FILES should be used instead of $_FILES.
// In PHP earlier then 4.0.3, use copy() and is_uploaded_file() instead of move_uploaded_file
$uploaddir = '/var/www/uploads/';
print "<pre>";
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $_FILES['userfile']['name'])) {
print "File is valid, and was successfully uploaded. Here's some more debugging info:\n";
print_r($_FILES);
} else {
print "Possible file upload attack! Here's some debugging info:\n";
print_r($_FILES);
}
?>
Jinak u uploadu je potreba vedet co delas a pohlidat spoustu veci, jinak ti tam nekdo uploadne nejaky PHP shell a hakne ti to.
Přihlásit se
Registrovat
FAQ
Hledat
