0

So I am trying to use XAMPP server on ubuntu (Xampp 1.7.7 and yes, I know it is old) to upload files to a specific directory using PHP.

I know that it can be done, but every bit of code I can find wants to use a temp name. I think it checks to see if there is a duplicate file but can't I set it to just go strait to the directory? I know it wont be a problem so is this possible? Let me know if I need to be more specific.

Also, please don't ask "Why don't you want to use the temp directory?" because I don't want/need to is your answer. So if you have an answer, please let me know.

Thanks! :)

Prahalad Gaggar
  • 11,389
  • 16
  • 53
  • 71
doglover129
  • 3
  • 1
  • 5
  • 2
    PHP needs to put the file somewhere until your script runs, that's what the temp file is for. – Barmar Jun 11 '13 at 04:23

1 Answers1

0

PHP couldn't care less about duplicate files. If two people upload "file.txt", PHP won't care, because it'll be using that nice random temp name instead. File collision handling is NOT php's job. that's up to your code.

And while it would be nice if you didn't HAVE to use a temp file for uploads, removing that restriction would mean a complete re-write of PHP's upload infrastructure. The script which a file upload is performed on is not invoked until AFTER the upload has completed (regardless of success). There is no mechanism in PHP to allow a "live" script to accept the upload as the bytes are streaming in.

If you need to handle the raw straw as the upload proceeds, you'll have to use some other language, e.g. perl.

Marc B
  • 356,200
  • 43
  • 426
  • 500
  • Okay, well, can I use php code to upload the temp file name to a specific location rather than going to a temp file location then having it move from that temp file location to the upload directory? A temp name is okay, the temp directory is an issue. (If not, how do I set the temp directory in php.ini? I cant find good things to give me an answer) – doglover129 Jun 11 '13 at 04:46
  • you have to set the temp dir via .ini directives OUTSIDE of the upload script, e.g. via a `php_value` in .htaccess or httpd.conf. you cannot do it inside the script, because by the time the script is executed and the ini_set() is performed, the upload will already have been completed. As for the actual setting, RTLM: http://www.php.net/manual/en/features.file-upload.post-method.php – Marc B Jun 11 '13 at 04:48
  • Okay, I did that, now I have a new problem, it always says "possible file upload attack!" and it wont upload anything. Can I do something about this? – doglover129 Jun 11 '13 at 05:13
  • Oh wait, I see that means it did not upload properly... It says that the temp name is in the correct directory, but the files aren't in the temp directory or the upload directory. And yes, I created the directory I told it to go to. – doglover129 Jun 11 '13 at 05:16