1

I am pretty new to php, just learning how to upload to server via ftp.

I have a file for connecting to ftp, it displays no error when it is on my localhost, but when i upload the file onto the remote server, it gave me an error straight away that it can't connect to server(would it be because they are the same server?) . At the moment it is displaying, Cannot connect to host And this is my first time doing FTP in php, so i hope my mistakes aren't too stupid.

P.S. This is just for testing, so i will figure out the SQL injection issue later on with sqli_real_escape string.

As i am also trying to do a form that upload images onto the remote server via ftp_put. But it is not working at the moment. But giving me an error Warning: ftp_put() expects parameter 1 to be resource, boolean given in Please give me some direction to why my errors are occurring. Thanks for your time, thanks!

Agentftpconnect.php

<?php
$ftp_user_name='name';
$ftp_user_pass='pass';
$connection = 'testing.info';

$ftpconn_id = ftp_connect($connection) or die ("Cannot connect to host");
$login = ftp_login($ftpconn_id, $ftp_user_name, $ftp_user_pass);


if (!$ftpconn_id) 
{die ("FTP connection has encountered an error!");}

if (!$login)
{die ("But failed at login Attempted to connect to $connection for user $ftp_user_name....");}

?>

Submitform.php

<?php
ini_set('display_errors', 1); error_reporting(E_ALL);

ob_start();
session_start();
include 'connect.php';
include 'Agentftpconnect.php';



if ($_POST)
{
 //get form data



 $Listingname = addslashes(strip_tags($_POST['Listingname']));
 $Location = addslashes(strip_tags($_POST['Location']));
 $nobed = addslashes(strip_tags($_POST['nobed']));
 $zip = addslashes(strip_tags($_POST['zip']));
 $price = ($_POST['price']);


 if (!$Listingname||!$nobed||!$Location||!$zip||!$price)
    die ("Please fill out all fields"); 
    else 



    for($i=0;$i<3;$i++)
    {


if ((($_FILES["file"]["type"][$i] !== "image/gif")
|| ($_FILES["file"]["type"][$i] !== "image/jpeg")
|| ($_FILES["file"]["type"][$i] !== "image/jpg")
|| ($_FILES["file"]["type"][$i] !== "image/pjpeg")
|| ($_FILES["file"]["type"][$i] !== "image/x-png")
|| ($_FILES["file"]["type"][$i] !== "image/png"))
    && ($_FILES["file"]["size"][$i] > 400000))
die("File is not correct");

else{

  if ($_FILES["file"]["error"][$i] > 0)
    {
    echo "Return Code: " . $_FILES["file"]["error"][$i] . "<br>";
    }
  else
    {
    echo "Upload: " . $_FILES["file"]["name"][$i] . "<br>";
    echo "Size: " . ($_FILES["file"]["size"][$i] / 1024) . " kB<br>";
    echo "Temp file: " . $_FILES["file"]["tmp_name"][$i] . "<br>";
    echo "<br>";

    if (file_exists("rentaid.info/rent" . $_FILES["file"]["name"][$i]))
      {
      die($_FILES["file"]["name"][$i] . " already exists please add another file, or change the name ");
      }

    else

      {
        $photo=$_FILES["file"]["name"][$i];
      ftp_put($login,"rentaid.info/rent/$photo",$_FILES["file"]["tmp_name"][$i],FTP_ASCII);
      echo "Stored in: " . "rentaid.info/rent/" . $_FILES["file"]["name"][$i];
      }
    }
}



}

    {
      $photo0=$_FILES["file"]["name"][0];
        $photo1=$_FILES["file"]["name"][1];
         $photo2=$_FILES["file"]["name"][2];
       $username=$_SESSION['username'];

           //register into database
            mysqli_query($con,"INSERT INTO Listing (username,Listingname,Location,nobed,zip,price,pic1,pic2,pic3) VALUES 
                ('$username','$Listingname','$Location','$nobed','$zip','$price','$photo0','$photo1','$photo2');") or die(mysqli_error());


            echo "Listing Added";
    }        

       }





else
{

?>

<form action="Submitlisting8.php" method="post"
enctype="multipart/form-data">
Listing Name:<br />
<input type='text' name='Listingname'><p />
Location:<br />
<input type='text' name='Location'><p />
Number of Beds:<br />
<input type='test' name='nobed'><p />
Zip:<br />
<input type='text' name='zip'><p />
Price:<br />
<input type='text' name='price'><p />


<label for="file">Pic1(File must be exceed 4mb):</label>
<input type="file" name="file[]" id="file[]"><br>
<label for="file">Pic2(File must be exceed 4mb):</label>
<input type="file" name="file[]" id="file[]"><br>
<label for="file">Pic3(File must be exceed 4mb):</label>
<input type="file" name="file[]" id="file[]"><br>
<br>
<input type='submit' name='submit' value='Submit'>
</form>

<FORM METHOD="LINK" ACTION="agentaccount.php">
<INPUT TYPE="submit" VALUE="Back to Account">
</form>

<?php

}



?>
Benyaman
  • 451
  • 2
  • 10
  • 25
  • "i will figure out the SQL injection issue later on with sqli_real_escape string" -- no, you don't use that to avoid SQL injection. You use [prepared statement and variable binding](http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php). – Passerby Nov 27 '13 at 10:55
  • try to put real server address here, it should be the target ftp server, i think it should be like this "ftp.xyz.com" in $connection.. for further reference go to this link: http://php.net/manual/en/function.ftp-login.php – Qarib Haider Nov 27 '13 at 10:57
  • ok i will change those later too, just trying to figure out why the ftp won't connect and upload files at the moment, will read up and change the code to prevent sql injection. Thanks – Benyaman Nov 27 '13 at 10:58
  • @SyedQarib I tried that as well, it is still the same issue – Benyaman Nov 27 '13 at 11:02
  • I figured it out, nothing wrong with my script but my remote server is godaddy, This is what i saw from their forum "ftp_connect is not supported on our shared hosting, and cURL and fsockopen are only available on ports 80 (http) and 443(https)." Any Idea on what i can do?? – Benyaman Nov 27 '13 at 11:43

0 Answers0