My Document Root is /var/www/html
I've created a directory /var/www/uploads

I cannot seem to get a script to upload to this uploads section.
I have 777 permissions to the folder (don't like that idea but....) and still.
I created a folder under the doc root and it works just fine.

How do I go about actually getting the file uploaded above the doc root?

Current Code

  if ( (isset($_FILES['userfile']['name']) && 
        is_uploaded_file($_FILES['userfile']['tmp_name']))) 
  {

if (!isset($_REQUEST['userfile']) || $_REQUEST['userfile']=='') 
{
  $file = mysqli_insert_id($handle);
}
$type = basename($_FILES['userfile']['type']);

switch ($type) {
  case 'jpeg':
  case 'pjpeg':   $filename = "$upload_dir/$file.jpg";
                  move_uploaded_file($_FILES['userfile']['tmp_name'], 
                                     $upload_dir.$filename);
                  $query = "update depot
                            set file = '$filename'
                            where id = $file";
                  $result = $handle->query($query);
                  break;
  default:        echo 'Invalid file format: '.
                        $_FILES['userfile']['type'];
}
  }

$upload_dir is set to /var/www/uploads

I've tried
$filename = "uploads/$file.jpg";

blablawoofwoof

move_uploaded_file($_FILES['userfile']['tmp_name'],
'../../../'.$filename);

Can Ya Help a poor boy out??

THX Ahead of Time and Have a Great Gobbler Day

    Do you possibly have an open_basedir restriction in effect? You can check by doing:

    <?php
echo ini_get('open_basedir');
?>

    Otherwise, as a sort of "sanity check", you might want to try the following:

    <?php
$upload_dir = '/var/www/uploads';
if(is_dir($upload_dir))
{
   if(is_writable($upload_dir))
   {
      echo "OK: directory $upload_dir exists and is writable by this script.";
   }
   else
   {
      echo "ERROR: directory $upload_dir exists but is not writable by this script.";
   }
}
else
{
   echo "ERROR: This script does not recognize $upload_dir as a directory.";
}
?>

      Created a test.php file with the first suggestion (that basedir echo) page just came up blank.

      Created a test2.php file with the quick script you supplied and came up with "OK bla bla woof woof".

        Doh! Just saw this:

              case 'pjpeg':   $filename = "$upload_dir/$file.jpg";
                      move_uploaded_file($_FILES['userfile']['tmp_name'],
                                         $upload_dir.$filename);

        Remove the $upload_dir. from the last line above; otherwise you're duplicating the directory path in front of the directory path.

          Nahhh, that didn't work. Basically the first one simply sets the $filename variable to enter the path into the dbase, the second instance of the $upload_dir.....I was hoping would actually move the file to that path.

          IF I change that all to something line...

          $filename = "uploads/$file.jpg";
                      move_uploaded_file($_FILES['userfile']['tmp_name'],
                                         '../'.$filename);

          It all works fine...updates the dbase with the path uploads/35.jpg AND moves the file to the /var/www/html/uploads directory however, I want it up just upstairs from the doc root (/var/www/uploads) instead.

          BTW...NogDog I love that avatar

            How about:

            $uploaddir = $_SERVER['DOCUMENT_ROOT'].'/../uploads/';
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$filename);

            ?

              GRR that didn't work either.

              Hmm, maybe think about this a different way.
              What if I were to go back to

               $filename = "uploads/$file.jpg";
                      move_uploaded_file($_FILES['userfile']['tmp_name'],
                                         '../'.$filename);

              The big thing I want is the security, so when someone does a search they won't see anything in the uploads directory, users cannot simply go to www.blabla.com/uploads/woofwoof.jpg. I already know that I can simply add in the index.php file to stop someone from simply seeing the contents of the directory but, how can I really secure down the directory from pretty much everything else (OR do I have the best idea....gettin' the files to load above the doc root).

                Hey NogDog

                Thanks for all the help... I did actually learn somethin' from your posts even though we didn't get things working from the above.

                What I ended up doing

                  $upload_dir = '/var/www/uploads/';
  $upload_file = $upload_dir . basename($_FILES['userfile']['name']);
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_file))
	  				 {
					   echo "File is valid, and was successfully uploaded.\n";
					 } else
					   {
					   echo "Possible file upload attack!\n";
					   }
                     $query = "update uploads
                                set file = '$upload_file'
                                where id = $file";
                  Write a Reply...