This in in the php manual (http://www.php.net/manual/en/features.file-upload.php) but anyway... The value contained in $_FILES['ufile1']['name'] is not the name of the temporary file on the server. Try $_FILES['ufile1']['tmp_name'] instead Hence the lines if (is_uploaded_file($_FILES['ufile1']['name'])) { copy($_FILES['ufile1']['name'], "."); become if (is_uploaded_file($_FILES['ufile1']['tmp_name'])) { copy($_FILES['ufile1']['tmp_name'], $_FILES['ufile1']['name']); That is copy the temporary file to the name that the user specified when uploading. BTW: Make sure you move or copy the temporary file before the php script ends as the temporary file will not exist afterwards. George Patterson On Thu, 16 Oct 2003 05:20:38 +0100 Bunmi Akinmboni <bunmi.akinmboni@ayserve.net> wrote: > Pls Help. > I have done a lot of reading prior to this yet I just can't seem make > it work. I wrote an upload program as seen below but the response I > got was: > > Possible file upload attack. Filename: ayservenet.jpg Array ( [ufile1] > > => Array ( [name] => ayservenet.jpg [type] => image/pjpeg [tmp_name] > => /tmp/phpIMEhdh [error] => 0 [size] => 3030 ) ) > > > File FUPROCESS.PHP: > <?php > // In PHP earlier then 4.1.0, $HTTP_POST_FILES should be used instead > > of $_FILES. > // $realname = $_FILES['ufile1']['name']; > > if (is_uploaded_file($_FILES['ufile1']['name'])) { > copy($_FILES['ufile1']['name'], "."); -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
