Correct Format for upload_tmp_dir Value


Okay so I have set up my php.ini file and it seems to be working correctly but I wanted to make sure that I am basing my upload_tmp_dir value from the correct root folder.

Right now I have it set as:
/home/[user]/[website name which happens to be this folder’s name]/temp
^An explanation of the directory value

For some reason it appears that I have a script that at least is able to acquire the extension of the file but I cannot find any evidence that the file is ever actually uploaded to any of my folders. And the new file that is supposed to be created from the uploaded image file is not appearing. Can someone tell me where I am going wrong and whether it has to do with a wrong upload_tmp_dir or whether it’s some other problem?

First of all the bulk of the code for the image file upload is as follows, which will be included at line 70 of the second block of code:


<?php # Based on script 10.3 - upload_image.php function findexts ($filename) //Define findexts function { $filename = strtolower($filename) ; global $exts; $exts = split("[/\\.]", $filename) ; $n = count($exts)-1; $exts = $exts[$n]; return $exts; } // Check if the form has been submitted: if (isset($_POST['submitted'])) { // Check for an uploaded file: if (isset($_FILES['upload'])) { // Validate the type. Should be JPEG or PNG. $allowed = array ('image/pjpeg', 'image/jpeg', 'image/JPG', 'image/X-PNG', 'image/PNG', 'image/png', 'image/x-png', 'image/GIF', 'image/gif'); if (in_array($_FILES['upload']['type'], $allowed)) { findexts($_FILES['upload']['name']); // finds the extension of the uploaded file and returns $exts do {//start do-while loop //This line assigns a random number to a variable. You could also use a timestamp here if you prefer. $ran = rand (1, 999999999) ; //This takes the random number (or timestamp) you generated and adds a . on the end, so it is ready of the file extension to be appended. $ran2 = $ran . '.'; //This assigns the subdirectory you want to save into... make sure it exists! $target = "entities/images/"; //This combines the directory, the random file name, and the extension $target = $target . $ran2.$exts; $random_logo_name = $ran2.$exts; $random_filename_query = "SELECT * FROM entities WHERE logo_path = '$random_logo_name'"; $rand_query_result = mysqli_query ($dbc, $random_filename_query); } while (mysqli_num_rows($rand_query_result) > 0 ); //end do while loop // Move AND test if the file has been moved to permanent location if (move_uploaded_file ($_FILES['upload']['name'], "/entities/images/{$random_logo_name}")) { // echo '

The file has been uploaded!

'; } // End of move... IF. else { echo '

The file has not been uploaded correctly

';} } else { // Invalid type. echo '

Please upload a JPEG, GIF, or PNG image.

'; } } // End of isset($_FILES['upload']) IF. // Check for an error: if ($_FILES['upload']['error'] > 0) { echo '

The file could not be uploaded because: '; // Print a message based upon the error. switch ($_FILES['upload']['error']) { case 1: print 'The file exceeds the upload_max_filesize setting in php.ini.'; break; case 2: print 'The file exceeds the MAX_FILE_SIZE setting in the HTML form.'; break; case 3: print 'The file was only partially uploaded.'; break; case 4: print 'No file was uploaded.'; break; case 6: print 'No temporary folder was available.'; break; case 7: print 'Unable to write to the disk.'; break; case 8: print 'File upload stopped.'; break; default: print 'A system error occurred.'; break; } // End of switch. print '

'; } // End of error IF. // Delete the file if it still exists: //if (file_exists ($_FILES['upload']['name']) && is_file($_FILES['upload']['name']) ) { //unlink ($_FILES['upload']['name']); //} } // End of the submitted conditional. ?>


$dbc = false;

require ('includes/');
$page_title = 'Submit New Entity';
$page_description = 'Submit New Entity; submission by user of new organization within the Dataconia database';
$page_keywords = 'submit new entity, submission, company, organization, Dataconia, quantifying perception, brands, products, rating, reviews';
$page_author = 'Kylan Hurt';
// Welcome the user (by name if they are logged in):
	echo '<h2>New Entity Submission ';
	if (isset($_SESSION['username'])) {
	echo "by {$_SESSION['username']}";}
	echo '</h2>';

if (isset($_POST[‘submitted’]))
{// Start of main $_POST conditional = 1
require (MYSQL);
//Trim all field of the post / form
$trimmed = array_map(‘trim’, $_POST);
//Assume invalid values
$uid = $en = $c = $ed = $un = $d = $description_reduced = $ws = $logo_path = FALSE;
$errors = array(); // Initialize an error array.
//Validate User
if (!isset($_SESSION[‘user_id’])) // if post is submitted and user_id is not set
echo ‘

You must be logged in to submit a new entity

else { $uid = $_SESSION[‘user_id’]; //if post is submitted and user_id IS set
$un = $_SESSION[‘username’];
if (isset($_POST[‘entity_name’])) { //if post is submitted, user_id is set, and entity_name is set, and characters are valid
//&& preg_match(’/^[!#$&-;=?-[]_a-z~]+$/’ , $_POST[‘entity_name’]
$en = mysqli_real_escape_string ($dbc, $trimmed[‘entity_name’]);
$entity_name_despaced = $en;}
				else 	{ // if post is submitted, user_id is set, but entity_name not set
						echo '<p class="error">Please enter a valid name for the entity you are trying to submit.  
								Please be aware that the entity name may not include certain special characters.</p>'; 
						} // end of else clause for no entity name
				//$old_website_pattern = "%^(www\.)([a-z0-9-].?)+(:[0-9]+)?(/.*)?$%i";
				$website_pattern = "%^([a-z0-9-]+(\.[a-z0-9-]+)+([/?].*)?$)%i";
				if (isset($_POST['website']) && preg_match($website_pattern, $_POST['website'])) {
						$ws = mysqli_real_escape_string ($dbc, $trimmed['website']);
						$ws= 'http://' . $ws;}
					else {echo '<p class="error">Please enter a valid website url.</p>';}
				if (isset($_POST['country'])) 
					{ // if post is submitted, user_id is set, and country isset
						if ($_POST['country'] == "...") {
							echo '<p class="error">You did not enter a valid country.</p>';
						else {$c = mysqli_real_escape_string ($dbc, $trimmed['country']);}
					 else 	{
								echo '<p class="error">Please enter the country in which the entity is based.</p>'; //+1 = 2
							} 		// end of else clause for entity country presence // -1 = 1
					if (isset($_POST['description']))	{ // start of entity description conditional +1 = 2
						$ed = mysqli_real_escape_string ($dbc, $trimmed['description']); 
					else 	{
							echo '<p class="error">Please enter a description for the entity being submitted:</p>'; // +1 = 2
							}// end of else clause for entity description field -1 = 1 

					[b]include('file_upload_script.php');	[/b]
					if ($uid && $en && $c && $ed && $ws && $random_logo_name) { // If everything's OK...	
						$q1 = "SELECT entity_id FROM entities WHERE entity_name = '$en'";
						$r1 = mysqli_query ($dbc, $q1) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));
						if (mysqli_num_rows($r1) == 0 )	{ // then the space is available //+1 = 3, Add the user to the database:
							$q3 = "INSERT INTO entities (entity_name, website, entity_location, entity_description, logo_path, 
									date_of_creation, created_by_id, created_by_username) VALUES ('$en', '$ws', '$c', '$ed', '$random_logo_name', NOW(), '$uid', '$un' )";
							$r = mysqli_query ($dbc, $q3) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc)); // Close of mysqli_num_rows positive
							if (mysqli_affected_rows($dbc) == 1) { // If it ran OK. +1 = 3
								//require_once ('entity_write.php'); //include text from entity_write file
								$entity_name_despaced = str_replace(' ', '_', $en);
                                $entity_id_query = "SELECT entity_id FROM entities WHERE entity_name = '$en'";
                                $entity_id_result = mysqli_query ($dbc, $entity_id_query) or 
                                		trigger_error("Query: $entity_id_query\n<br />MySQL Error: " . mysqli_error($dbc));
                                $row = mysqli_fetch_array($entity_id_result, MYSQLI_ASSOC);
                                $entity_id = $row['entity_id'];
                                $redirect_url = BASE_URL . '/entities/entity.php?entity_id=' . $entity_id;
                               	header("Location: $redirect_url");
								exit(); // Quit the script.
								else 	{//if mysqli_affected_rows is not 1
								echo '<p class="error">Your submission could not be processed at this time due to a system error. We apologize for any inconvenience.</p>';
						} else 	{ // the entity name is not available +1-1 = 2
							echo '<p class="error">The entity name that you entered has already been submitted.  Please try submitting a different entity.</p>';
					 else	{ //
						echo '<p class="error">Please fill out the form again.</p>';}
} // 1


<p>Please fill out the following form in order to submit a new entry to the Dataconia database:</p>
	<tr><td class="form_left" style="text-align:right;"><strong>Entity Name</strong>:</td>
	<td class="form_right" style="text-align:left;"><input type="text" name="entity_name" size="40" maxlength="100" value="<?php if (isset($_POST['entity_name'])) echo $_POST['entity_name']; ?>" />	* </td></tr>
	<tr><td class="form_left" style="text-align:right;"><strong>Website</strong>:</td>
	<td class="form_right" style="text-align:left;">http://<input type="text" name="website" size ="33" maxlength="70" value="<?php if (isset($_POST['website'])) {echo $_POST['website'];} ?>" /> </td></tr>
	<tr><td class="form_left"> <strong>Country</strong>: </td><td class="form_right">  <select name="country">
<option value="<?php if (isset($_POST['country'])) {echo '$_POST["country"]';}
							else {echo '...';} ?>">...</option>
include 'includes/country_list.php';

<tr><td class="form_left" style="text-align:right;"><strong>Please write a description for the entity</strong>:</td>
<td><textarea rows="15" cols="60" name="description" value="<?php if (isset($_POST['description'])) echo $_POST['description']; ?>"></textarea></td></tr>
<tr><td class="form left"><strong>Image of Logo (file size 1MB or less):</strong></td>
	<td><input type="file" name="upload" /></td></tr>



Okay so now the files are being rewritten and put into my /entities/images folder but I cannot find any of the temporary files, even though I have commented out their deletion from the script. Does Dreamhost automatically delete the temp files?


PHP automatically deletes the files at the end of the request. (This is why the name of the configuration variable is “upload_tmp_dir”, not “upload_permanent_dir”!) If you want to keep uploaded files, leave upload_tmp_dir alone and use the move_uploaded_file function to copy the files into place.


Understood. Thank you.

I guess it’s not an issue if the temp file is deleted, as long as the permanent file makes it in. If this is expected behavior then I suppose I’m relieved that it’s working the way it’s programmed to!