文件上传错误

时间:2013-04-24 13:34:25

标签: php apache file-upload

我正在尝试上传动态创建的文件夹中的文件。它在我的localhost中正常工作但在服务器上显示错误。 错误是: -

  

警告:move_uploaded_file()[function.move-uploaded-file]:open_basedir限制生效。文件(/ tmp / php323kcy)不在允许的路径中:(/ home /)in /home/..../public_html/www..com./.../controller/add-product-process第83行的.php

我的Php代码在这里

<?php



include 'connection.php';

if(isset($_POST['product_name']) && ($_POST['category'])&& ($_POST['sub-category']) && ($_POST['product_qty']) && ($_POST['price']) && ($_POST['description']) && ($_POST['weight']))

{

 $pname = $_POST['product_name'];



 $category = $_POST['category'];

 $scategory = $_POST['sub-category'];

 $qty = $_POST['product_qty'];

 $price = $_POST['price'];

 $desc = $_POST['description'];

 $dp=$_POST['dp'];

 $offer= $_POST['offer'];

 $size=$_POST['size'];

 $weight=$_POST['weight'];

if(isset($_POST['color']))

{

$color=$_POST['color'];

}

else

{

$color = "N/A";

}

$query3 = mysql_query("select category_id from category where category_name='$category'");

$row3 = mysql_fetch_array($query3);



$query4 = mysql_query("select sub_category_id from sub_category where sub_category_name='$scategory'");

$row4 = mysql_fetch_array($query4);



$query1 = mysql_query("select product_id from stock");

while ($row = mysql_fetch_row($query1)) {

    $id = $row[0];

}

$str1 = substr($id, 2, 5);

if (($str1 >= 1) && ($str1 < 9)) {

    $str1++;

  echo  $new_id = "RD0000" . $str1;

} else if (($str1 >= 9) && ($str1 < 99)) {

    $str1++;

   echo $new_id = "RD000" . $str1;

} else if (($str1 >= 99) && ($str1 < 999)) {

    $str1++;

    echo $new_id = "RD00" . $str1;

} else if (($str1 >= 999) && ($str1 < 9999)) {

    $str1++;

   echo $new_id = "RD0" . $str1;

} else if (($str1 >= 9999) && ($str1 < 99999)) {

    $str1++;

   echo $new_id = "RD" . $str1;

} else {

    echo 'Error: Contact PSSP.';

}



$dirPath = "../products/$new_id";

$imgpath = "products/$new_id";

$result = mkdir($dirPath, 0755);

if ($result == 1) {

    echo $dirPath . " has been created";

} else {

    echo $dirPath . " has NOT been created";

}

define ("FILEREPOSITORY","../products/$new_id");

for ($i = 0; $i < sizeof($_FILES['uploadfile']['name']); $i++) {        

echo $path=$new_id.$i;

$filename = $dirPath.$path.'.jpeg';

           if (is_uploaded_file($_FILES['uploadfile']['tmp_name'][$i])) 

            {

            $filename2 = $imgpath."/".$path.'.jpeg';

            $fl[$i]=$filename2;

                        if ($_FILES['uploadfile']['type'][$i] != "image/jpeg") 

              {

                 echo "<p>Must be Image file.</p>";

              } 

             else if(file_exists($filename))

                {

              echo "already exist";

               }



              else 

                {

         //$name = $_POST['corname'];

         $result = move_uploaded_file($_FILES['uploadfile']['tmp_name'][$i], FILEREPOSITORY."/$path.jpeg");
            echo "result is".$result;
         if ($result == 1) 

            {

            echo "<p>File successfully uploaded.</p>";

            }

            else 

            {

            echo "not uploaded";

            }

            }

            }

            }

                        $files=implode(',',$fl);



> 
$query2 = mysql_query("insert into stock(product_id,product_name,category,sub_category,quantity,price,dp,offer,description,image,size,weight,color)values('$new_id','$pname','$row3[0]','$row4[0]','$qty','$price','$dp','$offer','$desc','$files','$size','$weight','$color')");

if (!$query2) {

    echo mysql_error();

} else {

    ?>

    <script language="javascript" type="text/javascript">

        // Print a message

        alert('Successfully Added..');

        // Redirect to some page of the site.

        window.location = '../add-product.php';

    </script>

    <?php



}

}

else

{

    echo "Error in page...";

}

?>

请注意我的问题..

提前致谢

1 个答案:

答案 0 :(得分:0)

您的托管帐户的配置方式使PHP上传功能无效:

  • Apache将临时文件存储在/tmp
  • PHP不允许读取/home/以外的文件(有趣的是,它显然允许从其他用户读取文件)。

第一条路径由upload_tmp_dir directive控制。第二条路径由open_basedir directive控制。据我所知,这两个都是全局设置,你不能改变。

您需要联系支持人员并寻求帮助才能解决此问题。