11

I'm designing a web application that can be customized based on which retail location the end user is coming from. For example, if a user is coming from a store called Farmer's Market, there may be customized content or extra links available to that user, specific to that particular store. `file_exists()` is used to determine if there are any customized portions of the page that need to be imported.

Up until now, we've been using a relatively insecure method, in which the item ID# and the store are simply passed in as GET parameters, and the system knows to apply them to each of the links within the page. However, we're switching to a reversible hash method, in which the store and item number are encrypted (to look something like "gd651hd8h41dg0h81"), and the pages simply decode them and assign the store and ID variables.

Since then, however, we've been running into an error that Googling extensively hasn't found me an answer for. There are several similar blocks of code, but they all look something like this:

```php
$buttons_first = "../stores/" . $store . "/buttons_first.php";

if(file_exists($buttons_first))
{
    include($buttons_first);
}
```

(The /stores/ directory is actually in the directory above the working one, hence the ../)

Fairly straightforward. But despite working fine when a regular ID and store is passed in, using the encrypted ID throws this error for each one of those similar statements:

```
Warning: file_exists() expects parameter 1 to be a valid path, string given in [url removed] on line 11
```

I've had the script spit back the full URL, and it appears to be assigning $store correctly. I'm running PHP 5.4.11 on 1&1 hosting (because I know they have some abnormalities in the way their servers work), if that helps any.

Sean
  • can you provide an example of a path that fails? – Raad Feb 13 '13 at 15:36
  • What is the result of `var_dump($store)`? Perhaps it contains reserved characters that would constitute an invalid path (`?`, `*` etc.). [Here's a list of potentially reserved characters](http://en.wikipedia.org/wiki/File_name#Reserved_characters_and_words). – cmbuckley Feb 13 '13 at 15:39
  • "../stores/shoprite/buttons_first.php" is the one I'm toying with. var_dump($store) results in **string(28) "shoprite"** in that case. – Sean Feb 13 '13 at 15:43
  • Ok, now the really silly question - you're 100% sure the file exists at that relative path? One thing you could try (to discount it's not a file_exists problem) is to hard-code the value to a file you know exists and see if the function succeeds. – Raad Feb 13 '13 at 15:48
  • The file doesn't always exist there, hence the check, but I explicitly created one to check. It works and loads it correctly with the regular ID, but not if I use the encrypted one (they use different $_GET variables, so they don't interfere with one another). – Sean Feb 13 '13 at 15:53
  • Hmm, I'd look at encoding issues with your hashing mechanism - it sounds like there might be some char translation going on which means the reverse-hashed id string is interpreted as being different to the regular id. – Raad Feb 13 '13 at 16:05
  • I was getting this error when I was trying to terminate a string with a null byte on PHP version 7, so I think @naviciroel's answer is correct. – Accountant م Feb 03 '19 at 22:16

5 Answers

17

I got the same error before, but I don't know if this solution of mine works for your problem. You need to remove the "\0"; try replacing it:

```php
$cleaned = strval(str_replace("\0", "", $buttons_first));
```

It worked in my case.

naviciroel
4

Run a `var_dump(strpos($buttons_first,"\0"))`; this warning could come up when a path has a null byte, for security reasons. If that doesn't work, check the length of the string and make sure it is what you'd expect, just in case there are other invisible bytes.

Anonymous
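
An added example, not part of any answer on this page: it reports the invisible bytes the answers above suggest looking for, then resolves the per-store include only after validating the decoded store name and confirming the resolved path stays inside the stores directory. The function names, the allowed character set for store names, and the NUL-padded sample value are assumptions made for illustration.

```php
<?php
// Added example; function names and the sample value are hypothetical.

/** Summarize the bytes in a decoded value, including ones var_dump does not show. */
function describe_bytes($value)
{
    return [
        'length'    => strlen($value),
        'hex'       => bin2hex($value),
        'has_null'  => strpos($value, "\0") !== false,
        'non_print' => preg_match_all('/[^\x20-\x7E]/', $value),
    ];
}

/**
 * Return the real path of a store's include file, or null when the store
 * name is malformed or the file is missing or outside $storesDir.
 */
function resolve_store_include($storesDir, $store, $file)
{
    // Strip trailing NUL bytes (the case the answers describe), then validate strictly.
    $store = rtrim($store, "\0");
    if (!preg_match('/\A[a-z0-9_-]{1,64}\z/', $store)) {
        return null; // rejects "..", "/", embedded NUL bytes and other surprises
    }
    $base = realpath($storesDir);
    $path = realpath($storesDir . '/' . $store . '/' . $file);
    if ($base === false || $path === false) {
        return null; // stores directory or target file does not exist
    }
    // Containment check: the resolved path must sit under the stores directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed sample: "shoprite" plus 20 NUL bytes, which var_dump reports as string(28).
$decoded = "shoprite" . str_repeat("\0", 20);
print_r(describe_bytes($decoded));

$include = resolve_store_include(__DIR__ . '/../stores', $decoded, 'buttons_first.php');
if ($include !== null) {
    include $include;
}
```

Because `$store` ends up in an `include` path, the allowlist pattern and the `realpath()` containment check matter whether or not the value arrives encrypted.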
1

It may be a problem with the path as it depends where you are running the script from. It's safer to use absolute paths. To get the path to the directory in which the current script is executing, you can use `dirname(__FILE__)`.

Gargron
0

Add `/` before `stores/`; you are better off using absolute paths.

Thomas Landauer
phpalix
  • Still getting the same error, it actually was that way originally and I'd changed it in hopes that would fix the problem. – Sean Feb 13 '13 at 15:38
  • I believe that having a value in your global config file containing the absolute path of the application would save you lots of trouble. – phpalix Feb 13 '13 at 15:39
0

I know this post was created in 2013, but I didn't see the common solution.

This error occurs after adding `multiple` to the file submit form. For example, you are using files like this in PHP: `$_FILES['file']['tmp_name']`. But after adding the `multiple` option to the form, your input name became `file` => `file[]`.

So even if you post just one file, `$_FILES['file']['tmp_name']` should be changed to `$_FILES['file']['tmp_name'][0]`.

Ali Özen