  1. #1
    SitePoint Addict Shantra's Avatar
    Hi,
    I have some problems with making this code work! I'm trying to upload an image to my server with a link in my database. Everything but the image works!

    Please help!

    Database:

    ID, Name, EMail, description, picture_name

    Code:

    <!-- newauthor.php -->
    <HTML>
    <HEAD>
    <TITLE> Add New Author </TITLE>
    </HEAD>
    <BODY>
    <?php

    if ($submit): // A new author has been entered
    // using the form below.

    $dbcnx = @mysql_connect("localhost", "****", "****");
    mysql_select_db("****");

    $sql = "INSERT INTO Authors SET " .

    "Name='$name', " .
    "description='$description', ".
    "picture_name='$picture_name', ".
    "EMail='$email'";
    exec("cp $picture /public_html/joke/images/$picture_name");

    if (mysql_query($sql)) {
    echo("<P>New author added</P>");

    echo "Name: $name<br>\n";
    echo "EMail: $email<br>\n";
    echo "description: $description<br>\n";
    echo "temp file: $picture<br>\n";
    echo "file name: $picture_name<br>\n";
    echo "file size: $picture_size<br>\n";
    echo "file type: $picture_type<br>\n";
    echo "<br>\n";
    echo "<img src=images/$picture_name><br>\n";

    } else {
    echo("<P>Error adding new author: " .
    mysql_error() . "</P>");
    }

    ?>

    <P><A HREF="<?php echo($PHP_SELF); ?>">Add another Author</A></P>
    <P><A HREF="authors.php">Return to Authors list</A></P>

    <?php
    else: // Allow the user to enter a new author
    ?>

    <FORM ACTION="<?php echo($PHP_SELF); ?>" METHOD=POST>
    <P>Enter the new author<BR>
    Name: <INPUT TYPE="TEXT" NAME="name" SIZE=20 MAXLENGTH=100><BR>
    eMail: <INPUT TYPE="TEXT" NAME="email" SIZE=20 MAXLENGTH=100><BR>
    Description: <INPUT TYPE="TEXT" NAME="description" SIZE=20 MAXLENGTH=100><BR>
    Picture: <INPUT TYPE="FILE" NAME="picture" SIZE=20 MAXLENGTH=100><BR>
    <INPUT TYPE="SUBMIT" NAME="submit" VALUE="SUBMIT"></P>
    </FORM>

    <?php endif; ?>

    </BODY>
    </HTML>

  2. #2
    ********* wombat firepages's Avatar
    First of all you need to add this to your form tag..

    ... method="post" enctype="multipart/form-data">

    and instead of

    "exec("cp $picture /public_html/joke/images/$picture_name");"

    Try

    copy($picture,"/public_html/joke/images/$picture_name");

    and lose the MAXLENGTH in your file input.

    [exec("cp.... may work; I would normally use the PHP copy function, though]

  3. #3
    SitePoint Addict Shantra's Avatar
    Thank you firepages!

    Everything works now!!! From now on I will use the "copy" function instead of "exec".

  4. #4
    Grumpy Mole Man Skunk's Avatar
    Whoa! - MAJOR security hole there:
    PHP Code:
    exec("cp $picture /public_html/joke/images/$picture_name"); 
    If I've read it correctly, in that line you are executing code that includes user input straight on your web server - without first checking the input from the user!

    If the user were to enter something like "; rm -rd" (that may not be the exact command but you get the idea) they would execute a shell command directly on your server deleting all files in the near vicinity. A crafty hacker could use this security flaw to execute virtually any command they liked on your server.

    You should definitely check the data in the $picture_name and $picture variables before the exec() function. The safest thing would be to use a regular expression to limit those strings to containing only letters, numbers and the underscore.

  5. #5
    ********* wombat firepages's Avatar
    True, yet the way PHP handles file uploads is in itself a security threat working along similar lines to your example, so really one should validate any and all user input however it is processed on the server-side.
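
Added example, not part of any post in this thread: a PHP upload handler that applies the character whitelist from post #4 and never calls a shell, using `$_FILES` and `move_uploaded_file()` so that only a file PHP received as an upload in this request can be stored. The helper names, `IMAGE_DIR`, the extension whitelist (which goes beyond the letters, numbers and underscore rule) and the sample file names are assumptions made for the illustration; the form still needs `enctype="multipart/form-data"` as post #2 says.

```php
<?php
// Added example, not code from the thread. IMAGE_DIR and the helper names are assumptions.
const IMAGE_DIR = '/public_html/joke/images';

// Accept only letters, digits and underscore, plus one whitelisted extension,
// following the rule suggested in post #4. Returns the safe name or null.
function safe_picture_name(string $clientName): ?string
{
    // basename() drops any directory part the client supplied.
    $name = basename($clientName);
    if (preg_match('/\A[A-Za-z0-9_]{1,64}\.(?:jpe?g|png|gif)\z/i', $name) !== 1) {
        return null;
    }
    return $name;
}

// Store one entry of $_FILES without invoking a shell.
function store_picture(array $file, string $destDir = IMAGE_DIR): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    $name = safe_picture_name((string) $file['name']);
    if ($name === null) {
        return null;
    }
    // move_uploaded_file() refuses any source path that PHP did not itself
    // receive as an HTTP POST upload in this request.
    if (!move_uploaded_file($file['tmp_name'], $destDir . '/' . $name)) {
        return null;
    }
    return $name;
}

// Constructed sample names showing what the filter accepts and rejects.
if (PHP_SAPI === 'cli') {
    foreach (['me_2001.jpg', 'photo.png; echo x', '../../index.php', 'a b.gif'] as $n) {
        printf("%-22s => %s\n", $n, var_export(safe_picture_name($n), true));
    }
}

// In the form handler: $stored = store_picture($_FILES['picture']);
```

Run from the command line, only `me_2001.jpg` is accepted; the other three constructed names return `NULL` and would never reach the filesystem call.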

  6. #6
    SitePoint Addict Shantra's Avatar
    WHAT!!!!!!

    Thank you for telling this to us. Luckily for me the only one to upload the files is ME.

    Has the "exec" function any use when uploading files?