unexpected T_STRING $_FILES['userfile']['tmp_name'] 3

[vamonos]

I have tried several variations of a file upload script but all give me an unexpected T_STRING error with $_FILES['userfile']['tmp_name']. Does anyone know why this might be?
For example - from this same page:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
        <TITLE>Upload Files</TITLE>
</HEAD>

<BODY>
<H1>File Uploader</H1>
<HR>
<!-- The data encoding type, enctype, MUST be specified as below -->
<form enctype="multipart/form-data" action="fupload.php" method="POST">
    <!-- MAX_FILE_SIZE must precede the file input field -->
    <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
    <!-- Name of input element determines name in $_FILES array -->
    Send this file: <input name="userfile" type="file" />
    <input type="submit" name="Submit" value="Send File" />
</form>

<?php
if(isset($_POST['Submit'])){
$nwfile = "files/". basename($_FILES['userfile']['name']);

echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $nwfile)) {
   echo "File is valid, and was successfully uploaded.\n";
} else {
   echo "Possible file upload attack!\n";
}

echo 'Here is some more debugging info:';
print_r($_FILES);

print "</pre>";
}
?>
</BODY>
</HTML>

or from my own trial page:

<?php require_once('Connections/recommendingpeople.php'); 
mysql_select_db($database_recommendingpeople, $recommendingpeople);?>
<?php
ini_set('display_errors',1);
error_reporting(E_ALL);
if(isset($_POST['upload']) && $_FILES['userfile']['size']>0)
 { 
 $fileName = $_FILES['userfile']['name'];
 $tmpName  = $_FILES['userfile']['tmp_name'];
 $fileSize = $_FILES['userfile']['size'];
 $fileType = $_FILES['userfile']['type'];

 $fp      = fopen($tmpName, 'r');
 $content = fread($fp, filesize($tmpName));
$content = addslashes($content);
 fclose($fp);

 if(!get_magic_quotes_gpc())
 {
     $fileName = addslashes($fileName);
 }

 include 'library/config.php';
 include 'library/opendb.php';
mysql_select_db($database_recommendingpeople, $recommendingpeople);
 $query = "INSERT INTO userphoto (name, size, type, content)".
 "VALUES ('$fileName', '$fileSize', '$fileType', '$content')";

 mysql_query($query) or die('Error, query failed'); 
 include 'library/closedb.php';

 echo "<br>File $fileName uploaded<br>";
 } 
else { echo "there is no post"; }
 ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "[URL unfurl="true"]http://www.w3.org/TR/html4/loose.dtd">[/URL]
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<form method="post" enctype="multipart/form-data">
 <table width="350" border="0" cellpadding="1"  cellspacing="1" class="box">
 <tr> 
 <td width="246">
<input type="hidden" name="MAX_FILE_SIZE" value="2000000">
 <input name="userfile" type="file" id="userfile"> 
 </td>
 <td width="80"><input name="upload" type="submit"  class="box" id="upload" value=" Upload "></td>
 </tr>
 </table>
 </form>
</body>
</html>

 

[jpadie]

@ingresman

i'm not au fait with hexdumps. what is it/are they and what makes it/them useful in these circs?

tx
Justin

 

[vacunita]

I'm with Justin what exactly do hexdumps do and how would they be useful?

----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Behind the Web, Tips and Tricks for Web Development.

http://behindtheweb.blogspot.com/

 

[MAWarGod]

<clueless hexdumps?@ME2

Please help Me understand what they do?



thanks
Robert

MA WarGod

I believe if someone can think it, it can be programmed

 

[ingresman]

ahhh you must all be young guys! I had to do this many times on COBOL on HP3000 back in the 80's.
Seems that the source of this issue was some rogue characters that got into the source file. I presume as Vamanos couldn't see them they are unprintable characters nor could we after HTML has its way with them.
So if you take a hexdump of the source file you get:

-0 -1 -2 -3 -4 -5 -6 -7 -8 -9 -A -B -C -D -E -F

00000000- 3C 3F 70 68 70 0D 0A 65 63 68 6F 20 22 68 65 6C [<?php..echo "hel]
00000001- 6C 6F 20 74 65 6B 2D 74 69 70 73 21 22 3B 0D 0A [lo tek-tips!";..]
00000002- 3F 3E 0D 0A [?>.. ]

So you would be able to see unprintables as a . (e.g look at OD and OA above)
It's just another debugging tool !
@vamanos - could you do a hexdump on the failing file and see what you get? (and post back results here please)