PHP Upload Form not working..

[Bennett 🚀]

This is what I get when I try to upload something to my website, via a PHP script I found..
Warning: basename() expects parameter 1 to be string, array given in /home/a8848808/public_html/upload.php on line 3

Here is the link if it would be needed.. erinuki.hostoi.com/upload.html

I am using this code for the upload.php part:
<?php
$target = "upload/";
$target = $target . basename( $_FILES['uploaded']) ;
$ok=1;

//This is our limit file type condition
if ($uploaded_type =="text/php")
{
echo "No PHP files<br>";
$ok=0;
}

//Here we check that $ok was not set to 0 by an error
if ($ok==0)
{
Echo "Sorry your file was not uploaded.";
}

//If everything is ok we try to upload it
else
{
if(move_uploaded_file($_FILES['uploaded'], $target))
{
echo "The file ". basename( $_FILES['uploadedfile']). " has been uploaded";
}
else
{
echo "Sorry, there was a problem uploading your file. Please try again.";
}
}
?>

I have that in the file labeled upload.php in my public_html/ folder.. along with the upload.html. I have the "upload" directory created.. what is going wrong?
Help!!

[Charles Stover]

Exactly what the error says.echo "The file ". basename( $_FILES['uploadedfile']). " has been uploaded";
$_FILES['uploadedfile'] is an Array. basename only accepts strings.

echo "The file ", htmlentities($_FILES["uploadedfile"]["name"]), " has been uploaded";

[Bennett 🚀]

Sweet! Thanks Charles! I know nothing about PHP, that is why i asked here xD THanks again

[Charles Stover]

For future reference, just pay attention to what it says after "Warning:" or whatever it says. PHP tells you how to debug the code in its errors. If it gives a function name, look in your code for where that function is used (usually, it'll tell what line number and such). Find what it says is wrong with the function (e.g. Array given, string expected). If you don't know what the error specifically means, just take the key words (Array, string) and check the PHP manual (http://php.net/basename) for proper usage.

Good luck in future projects.

[Bennett 🚀]

So.. what should the code be for the upload.php part? and is the HTML part right?

[Bennett 🚀]

Would it be like: <?php
$target = "upload/";
$target = $target . basename( $_FILES['uploaded']) ;
$ok=1;

//This is our limit file type condition
if ($uploaded_type =="text/php")
{
echo "No PHP files<br>";
$ok=0;
}

//Here we check that $ok was not set to 0 by an error
if ($ok==0)
{
Echo "Sorry your file was not uploaded.";
}

//If everything is ok we try to upload it
else
{
if(move_uploaded_file($_FILES['uploaded'], $target))
{
echo "The file ", htmlentities($_FILES["uploadedfile"]["name"]), " has been uploaded";
}
else
{
echo "Sorry, there was a problem uploading your file. Please try again.";
}
}
?>


[Renegade]

just one quick note - if tha'ts going to be public, liek the link currently is for it, you're going to need a bit more security than that

[Bennett 🚀]

I know that.. but this is just simple so that i can upload stuff to the server without having to login to the FTP account.. so if someone wants to make a more complex code, go ahead.

[Charles Stover]

Well, for one, $uploaded_type is never set anywhere. So that would make it an empty string. So when you compare $uploaded_type to "text/php," it will always return false (even for a PHP file), since you're not setting it.
Also, by more security, I think he means the types of files that are allowed. Instead of saying, "if it's not PHP," you should be saying, "If it is[/b] JPG, GIF, PNG, other-files-you-want-allowed," as there are more malicious files than PHP.

[Renegade]

If it's only for you to upload with, and nobody else will ever access the upladoer, then it doesn't matter. but then you'd need to password protect the page or something just to make sure of that

I actualyl can't think of anything more malicious to uplad to a web server than a PHP file, since if tyou can do that, you haev complete control over the server from that point. trust me, i've done that before however, even if you were checking what was being uplaoded, you need to disallow more than just PHP, or at least double check that your host isn't going to overwrite fiels that are uploaded like that. Someof them will do, never ever assume that if I try to uplaod a new htaccess file (which would allow me to bypass the php file uploading restriction), your host wil lautomatically refuse it


There's more than that to think about though

The other problem with it is that even if you disallow script fiels to be uploaded, there's nothing stoppin me backin up my hard drive and uploading half a terabyte of data to your host. that would use ALL your bandwidth, and then some, and probably get you suspended and fined by your webhost

[Bennett 🚀]

Than what should I do? What codes should I use? This isn't really helping me..

[Bennett 🚀]

BUMP!! This still needs help.

[Bennett 🚀]

BUMP! Still needs help..