form uploads missing vars

Anon

Any of you guys help with this?

I have a form which uploads a binary file into a mysql database. The problem is that the form variable returned is missing the size and name values why is this?

I am using

for the form and I have included enctype="multipart...etc in the form tag

$graphicfile DOES give me the name of the temp file but i dont understand why the other parameters ($graphicfile_name and $graphicfile_size) are missing

Cheers Nick

Anon

From your code you don't have any sections named graphicfile_name or graphicfile_size.

PHP converts all form data into variables using the NAME= section of the form tag to determine the name of the variable.

So from the above listing you will have a variable named $MAX_FILE_SIZE, and a variable named $graphicfile. Unless you have a couple of other form elements that are named graphicfile_size, and graphicfile_name you will never get these variables in your PHP script.

Anon

Rob
When implmenting file uploads you automatically get the name size _type you dont need to define them. See chapter19 POST method uploads in the php manual

nick

Anon

Thanks, I've never needed to upload a file to any of my sites, so I've never used that functionality. But I did look at that chapter and here is what was said that could be affecting you.

In PHP 3, the following variables will be defined within the destination script upon a successful upload, assuming that register_globals is turned on in php3.ini. If track_vars is turned on, they will also be available in PHP 3 within the global array $HTTP_POST_VARS. Note that the following variable names assume the use of the file upload name 'userfile', as used in the example above:

In PHP 4, the behaviour is slightly different, in that the new global array $HTTP_POST_FILES is provided to contain the uploaded file information. This is still only available if track_vars is turned on, but track_vars is always turned on in versions of PHP after PHP 4.0.2.

So depending on you version of PHP you could be running into one of these problems. PHP4 has been moving away from creating variables for data passed in from the browser, and is instead creating array's that will hold that data, so that you can keep people from spoofing a form with a GET style url. It's a step forward for PHP's security, but it makes things a bit more tricky on the programers side.