What about these lines?

Warning: copy(): open_basedir restriction in effect. File() is not within the allowed path(s): (/xxx/xxx/xxx/xxx/php:/tmp) in /home/xxxxxxxxxx/public_html/newsp.php on line 85

Here is my code:

<?php
 session_start();
 if (isset($_SESSION['password'])) {
        $con=mysqli_connect("xxxxx","xxxxx","xxxxx","xxxxx");
        // Check connection
            if (mysqli_connect_errno($con))
            {
            echo "Failed to connect to MySQL: " . mysqli_connect_error();
            }
            $result = mysqli_query($con,"SELECT * FROM News ORDER BY ID DESC LIMIT 1");

            while($row = mysqli_fetch_array($result))
                {
                    $ID = $row['ID'] + 1;
                }

            $title = $_POST['title'];
            $content = $_POST['content'];
            $type=$_POST['type'];

            echo $title . "<br>";
            echo $content . "<br>";
            echo $type . "<br>";
            echo $ID . "<br>";

            $sql = 'INSERT INTO News '.'(Title, Content, Type) '.'VALUES ( $title, $content, $type)';
            $result=mysqli_query($con,$sql);

//define a maximum size for the uploaded images in KB
 define ("MAX_SIZE","100"); 

//This function reads the extension of the file. It is used to determine if the file  is an image by checking the extension.
 function getExtension($str) {
         $i = strrpos($str,".");
         if (!$i) { return ""; }
         $l = strlen($str) - $i;
         $ext = substr($str,$i+1,$l);
         return $ext;
 }

//This variable is used as a flag. The value is initialized with 0 (meaning no error found)
//and it will be changed to 1 if an error occurs.
//If an error occurs the file will not be uploaded.
 $errors=0;
//checks if the form has been submitted
    //reads the name of the file the user submitted for uploading
    $image=$_FILES['file']['name'];
    //if it is not empty
    if ($image)
    {
    //get the original name of the file from the clients machine
        $filename = stripslashes($_FILES['file']['name']);
    //get the extension of the file in a lower case format
        $extension = getExtension($filename);
        $extension = strtolower($extension);
    //if it is not a known extension, we will suppose it is an error and will not  upload the file,
    //otherwise we will do more tests
        if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif"))
            {
            //print error message
            echo '<h1>Unknown extension!</h1>';
            $errors=1;
            }
        else
        {
    //get the size of the image in bytes
     //$_FILES['image']['tmp_name'] is the temporary filename of the file
     //in which the uploaded file was stored on the server
     $size=filesize($_FILES['image']['tmp_name']);

    //compare the size with the maximum size we defined and print error if bigger
        if ($size > MAX_SIZE*1024)
            {
            echo '<h1>You have exceeded the size limit!</h1>';
            $errors=1;
            }

    //we will give an unique name, for example the time in unix time format
        $image_name= $ID.'.'.$extension;
    //the new name will be containing the full path where will be stored (images folder)
        $newname="NewsPic/".$image_name;
    //we verify if the image has been uploaded, and print error instead

        echo $image_name;
        $copied = copy($_FILES['image']['tmp_name'], $newname);
        if (!$copied)
            {
            echo '<h1>Copy unsuccessfull!</h1>';
            $errors=1;
            }


        }
    }




    } else {
        header("location:login.php");
    }
?>

I want to upload an image to my folder.

  • Don't just trust the extension. Make some attempt to verify the uploaded file actually is a jpg/gif/png. Commented Apr 3, 2013 at 12:53
  • Make sure you have permission to write in the folder. Commented Apr 3, 2013 at 12:53
  • I want to make it only for jpg. How can I do that? Commented Apr 3, 2013 at 12:54
  • Get the extension using $_FILES['image']['type']. Commented Apr 3, 2013 at 12:57
  • Try move_uploaded_file($_FILES['image']['tmp_name'],$newname) instead of the copy() function. Commented Apr 3, 2013 at 12:59

1 Answer

Try using the move_uploaded_file(param1, param2) function:

move_uploaded_file($_FILES['image']['tmp_name'],$newname)

Note: your variable $newname must contain the path of the folder where you should save it + the filename.


For your INSERT query:

Try removing both '.' where you declare the fields to insert into,

so that your query looks like this:

$sql= "INSERT INTO News(Title, Content, Type)VALUES ( '$title', '$content', '$type')";

because '.' makes your SQL fail.

4 Comments

Thanks, can you help me with what is wrong with my "insert into"? Because I uploaded the image but it is not recorded in my database.
Remove '.' so your query looks like this: INSERT INTO News (Title, Content, Type) VALUES ( $title, $content, $type) .. by the way, what is it for?
Try to remove it and run the query, because that one causes your query to fail.
mysqli_query($con,"INSERT INTO News (Title, Content, Type) VALUES ( $title, $content, $type)"); Still not working.
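
A hardened version of the upload and insert discussed in this thread, as an added example that is not part of the original question or answer. It reads one `$_FILES` entry throughout (the question's code takes the name from `$_FILES['file']` but the temp path from `$_FILES['image']`), checks the file's content rather than its extension, and binds the form values instead of interpolating them. The helper name `store_news_image()` is hypothetical, and the code assumes `News.ID` is an AUTO_INCREMENT column.

```php
<?php
// Added example. Table News and folder NewsPic/ come from the question;
// store_news_image() is a hypothetical helper; News.ID is assumed AUTO_INCREMENT.
const MAX_BYTES = 100 * 1024; // same 100 KB limit as MAX_SIZE in the question

function store_news_image(mysqli $con, array $file, string $title, string $content, string $type): string
{
    // 1. PHP reports upload problems in 'error'. An empty tmp_name is what
    //    produces the empty "File()" in the open_basedir warning.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed or no file was sent');
    }
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('File exceeds the size limit');
    }

    // 2. Decide the type from the file's bytes, not from the client-supplied
    //    name or $_FILES[...]['type'], both of which the sender controls.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($allowed[$mime]) || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Not a JPEG, PNG or GIF image');
    }

    // 3. Bound parameters: a quote in the title can neither break nor alter the query.
    $stmt = $con->prepare('INSERT INTO News (Title, Content, Type) VALUES (?, ?, ?)');
    if ($stmt === false) {
        throw new RuntimeException('Prepare failed: ' . $con->error);
    }
    $stmt->bind_param('sss', $title, $content, $type);
    if (!$stmt->execute()) {
        throw new RuntimeException('Insert failed: ' . $stmt->error);
    }

    // 4. Name the file after the row's real ID (no "last ID + 1" guess) and use
    //    an extension chosen by the server from the detected type.
    $target = __DIR__ . '/NewsPic/' . $con->insert_id . '.' . $allowed[$mime];
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not move the upload into NewsPic/');
    }
    return $target;
}

// Usage inside the session check from the question:
// $path = store_news_image($con, $_FILES['file'], $_POST['title'], $_POST['content'], $_POST['type']);
```

To accept only JPEG, as asked in the comments, reduce `$allowed` to the single `'image/jpeg' => 'jpg'` entry.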
