user directory from a form

user directory from a form

am 01.10.2006 17:45:03 von Neil Jackson

--------------000308070500010902000303
Content-Type: multipart/alternative;
boundary="------------000102040502030307050708"


--------------000102040502030307050708
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

I apologise for using this mailing list but I cannot find another.

I have a form

echo "

";
echo "
";
echo "";
echo "
News Letter
";

echo "";
echo "";
echo "";
echo "";
echo "";
echo "";
echo "";
echo "";
echo "";

I pass this to another file. I am trying to read the directory that the
users file is in. ie "/srv/www/htdocs/functions/email/file.txt", I want
to read the "/srv/www/htdocs/functions/email/". The variable $filename
only gives the "file.txt" as a value.

--
Neil Jackson DipPharm DipData
Tel: +27 31 7632795
Fax: +27 31 7632960


--------------000102040502030307050708
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit







I apologise for using this mailing list but I cannot find another.



I have a form 



		echo 
 style="color: rgb(221, 0, 0);">"<FORM ACTION='
 style="color: rgb(85, 85, 255);">$PHP_SELF
 style="color: rgb(221, 0, 0);">' METHOD='POST'>"
 style="color: rgb(0, 128, 0);">;

		
 style="color: rgb(0, 0, 128);">echo 
 style="color: rgb(221, 0, 0);">"<CENTER><TABLE BGCOLOR='yellowgreen' BORDERCOLOR='green' CELLSPACING='0' WIDTH='90%' BORDER='1'><TR>"
 style="color: rgb(0, 128, 0);">;

		
 style="color: rgb(0, 0, 128);">echo 
 style="color: rgb(221, 0, 0);">"<TD ALIGN='center'><FONT FACE='Arial' SIZE=5><b>News Letter</b></FONT></TD>"
 style="color: rgb(0, 128, 0);">;

		
 style="color: rgb(0, 0, 128);">echo 
 style="color: rgb(221, 0, 0);">"</TR></TABLE>"
 style="color: rgb(0, 128, 0);">;



		
 style="color: rgb(0, 0, 128);">echo 
 style="color: rgb(221, 0, 0);">"<TABLE BORDER='0' CELLSPACING='0' CELLPADDING='1'>"
 style="color: rgb(0, 128, 0);">;

		
 style="color: rgb(0, 0, 128);">echo 
 style="color: rgb(221, 0, 0);">"<TR>"
 style="color: rgb(0, 128, 0);">;

			
 style="color: rgb(0, 0, 128);">echo 
 style="color: rgb(221, 0, 0);">"<TD>Subject</TD>"
 style="color: rgb(0, 128, 0);">;

			
 style="color: rgb(0, 0, 128);">echo 
 style="color: rgb(221, 0, 0);">"<TD><INPUT TYPE='text' NAME='subject' WIDTH='50'></TD>"
 style="color: rgb(0, 128, 0);">;

		
 style="color: rgb(0, 0, 128);">echo 
 style="color: rgb(221, 0, 0);">"</TR>"
 style="color: rgb(0, 128, 0);">;

		
 style="color: rgb(0, 0, 128);">echo 
 style="color: rgb(221, 0, 0);">"<TR>"
 style="color: rgb(0, 128, 0);">;

			
 style="color: rgb(0, 0, 128);">echo 
 style="color: rgb(221, 0, 0);">"<TD>File name (Any attachment)</TD>"
 style="color: rgb(0, 128, 0);">;

			
 style="color: rgb(0, 0, 128);">echo 
 style="color: rgb(221, 0, 0);">"<TD><INPUT TYPE='file' NAME='filename' WIDTH='50'></TD>"
 style="color: rgb(0, 128, 0);">;

		
 style="color: rgb(0, 0, 128);">echo 
 style="color: rgb(221, 0, 0);">"</TR>"
 style="color: rgb(0, 128, 0);">;

I pass this to another file. I am trying to read the directory that the
users file is in. ie "/srv/www/htdocs/functions/email/file.txt", I want
to read the "/srv/www/htdocs/functions/email/". The variable $filename
only gives the "file.txt" as a value.
-- 

Neil Jackson DipPharm DipData

Tel: +27 31 7632795

Fax: +27 31 7632960




--------------000102040502030307050708--


--------------000308070500010902000303
Content-Type: text/plain; charset=us-ascii

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--------------000308070500010902000303--

Re: user directory from a form

am 01.10.2006 20:07:21 von Niel Archer

Hi

> I apologise for using this mailing list but I cannot find another.

A listing can be found at http://lists.php.net/

Failing finding one more specific, the list to use would be php-general.

> I pass this to another file. I am trying to read the directory that the
> users file is in. ie "/srv/www/htdocs/functions/email/file.txt", I want
> to read the "/srv/www/htdocs/functions/email/". The variable $filename
> only gives the "file.txt" as a value.

I'm not sure I understand the problem! Are you saying the path is being
cut leaving only the filename, or you don't know how to extract the path?


Niel

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: user directory from a form

am 01.10.2006 21:36:22 von Bastien Koert

the real question is why is the path relevant to the data being
collected/uploaded?

Bastien


>From: Niel Archer
>Reply-To: php-db@lists.php.net
>To: php-db@lists.php.net
>Subject: Re: [PHP-DB] user directory from a form
>Date: Sun, 01 Oct 2006 19:07:21 +0100
>
>Hi
>
> > I apologise for using this mailing list but I cannot find another.
>
>A listing can be found at http://lists.php.net/
>
>Failing finding one more specific, the list to use would be php-general.
>
> > I pass this to another file. I am trying to read the directory that the
> > users file is in. ie "/srv/www/htdocs/functions/email/file.txt", I want
> > to read the "/srv/www/htdocs/functions/email/". The variable $filename
> > only gives the "file.txt" as a value.
>
>I'm not sure I understand the problem! Are you saying the path is being
>cut leaving only the filename, or you don't know how to extract the path?
>
>
>Niel
>
>--
>PHP Database Mailing List (http://www.php.net/)
>To unsubscribe, visit: http://www.php.net/unsub.php
>

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: user directory from a form

am 01.10.2006 22:04:50 von Niel Archer

Hi

> I would like to extract the path from the users machine

Yes, I got that, but you still haven't explained whether you're just not
getting the path or don't know how to isolate it


Niel

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: user directory from a form

am 01.10.2006 22:09:34 von Neil Jackson

--------------040405060100070001090109
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

I would like to extract the path from the users machine.

Niel Archer wrote:
> Hi
>
>
>> I apologise for using this mailing list but I cannot find another.
>>
>
> A listing can be found at http://lists.php.net/
>
> Failing finding one more specific, the list to use would be php-general.
>
>
>> I pass this to another file. I am trying to read the directory that the
>> users file is in. ie "/srv/www/htdocs/functions/email/file.txt", I want
>> to read the "/srv/www/htdocs/functions/email/". The variable $filename
>> only gives the "file.txt" as a value.
>>
>
> I'm not sure I understand the problem! Are you saying the path is being
> cut leaving only the filename, or you don't know how to extract the path?
>
>
> Niel
>
>

--
Neil Jackson DipPharm DipData
Tel: +27 31 7632795
Fax: +27 31 7632960



--------------040405060100070001090109
Content-Type: text/plain; charset=us-ascii

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--------------040405060100070001090109--

Re: user directory from a form

am 01.10.2006 22:44:51 von Stut

Neil Jackson wrote:
> I would like to extract the path from the users machine.

Assuming I'm understanding you correctly, you can't do that. The
location of a file uploaded via HTTP is not available - you cannot get
it since it doesn't get sent with the file, only the filename itself is
sent.

-Stut

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: user directory from a form

am 01.10.2006 23:14:11 von Neil Smth

>
>Message-ID: <451FE27F.5070502@webcoza.co.za>
>Date: Sun, 01 Oct 2006 17:45:03 +0200
>From: Neil Jackson
>MIME-Version: 1.0
>To: php-db@lists.php.net
>Content-Type: multipart/mixed;
> boundary="------------000308070500010902000303"
>Subject: user directory from a form
>
>I apologise for using this mailing list but I cannot find another.
>
>I have a form
>
>
> echo "";

Although you correctly used POST for that form you also require to
set the ENCTYPE="multipart/form-data" as shown in the example here
http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4.2 in order
to post file attachments,

Snipped useless HTML (please post complete but minimal examples when
requesting help)



> echo "

";
>I pass this to another file. I am trying to read the directory that
>the users file is in. ie


When you use the enctype setting as above, PHP will populate the $_FILES array.
Specifically for your field here, it will populate the
$_FILES["myfile"] variable.

NB : I changed the form element's name to make it clearer which
variable is created.

In turn that is an array, and the actual value you want is where PHP
saved the uploaded file.
That value is contained in the varialbe $_FILES["myfile"]["tmp_name"];

tmp_name always points to the PHP upload directory, on unix systems
it's often /tmp
The actual file name will *not* be that which your user supplied, it
will be a unique and often cryptic name

So you understand, this is *not* a PHP+DB related question. Your
first resource should always be the PHP website documentation, which
you can find here : http://uk.php.net/features.file-upload

Ensure you understand the security issues regarding file uploads, and
especially testing *if* the file really was uploaded, using
is_uploaded_file() function before moving it or acting on the data.


>"/srv/www/htdocs/functions/email/file.txt", I want to read the
>"/srv/www/htdocs/functions/email/". The variable $filename only
>gives the "file.txt" as a value.


In general, *never* move uploaded files into your web server's file
structure if you can avoid it. The security issue is that the user
now has a route to upload say a virus file to your server, and then
point other users to your known server address and path. Your web
server will probably dish out this file on request from the
evil-hacker's link to your server. You are now consuming resources on
his behalf, as well as apparently being the source-of-all-evil.

So - time to read up on "PHP file upload security", budget 1/2-1 day ;-))

HTH
Cheers - Neil

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: user directory from a form

am 02.10.2006 13:53:18 von Oskar

--------------010001000002030704090807
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Hi,

this is not a php but javascript. Next time write to a proper forum. You
need to transfer the full path into other variable.

onchange="document.getElementById('id_full_path').value=this .value;">



OKi98


--------------010001000002030704090807--

Subject
File name (Any attachment)