Aaron

Hi Guys! I've been trying for two weeks to get file uploads to work through php and html forms. I've tried both the move_uploaded_file() method and the ftp_put() method and I haven't gotten either to work. I've also tried exec("cp ..."), but couldn't get that to work either. I've basically cut and pasted the code from the php manual so I'm pretty sure I'm missing something on the server side. I've posted a topic on this in elsewhere on the forum and I apologize if I'm being annoying, but I just need to know how to get either one of these methods to work. I've searched for help on google, and they all either point to the php manual or it's someone else having the exact same problem as me, but nobody was able to help them with it. I am really desperate at this point as I am developing this web application for someone and I need to have it working on my site before I can move forward. Thanks, Aaron

I'm actually pursuing two different methods, first is the move_uploaded_file() method, and next is the ftp_put method(). I'm gonna outline what I know below, just in case there is a flaw in my logic somewhere. In the first case, I use a standard html form, with an input with type=file: ><FORM ACTION='ftp.php?submit=1' METHOD='POST' ENCTYPE="MULTIPART/FORM-DATA"> <INPUT TYPE="FILE" NAME="file"> <BUTTON TYPE="SUBMIT">UPLOAD</BUTTON> </FORM> Once the user clicks on the Upload button, I run this script: >$upload_dir = "public_html/uploads/" $filename = $_FILES['file']['name']; $tempname = $_FILES['file']['tmp_name']; move_uploaded_file($tempname, $upload_dir . $filename); I basically just copied the example off of the php manual for handling file uploads: PHP Manual: Handling File Uploads I tried this locally on my laptop with IIS and PHP, and it works, but it doesn't work on my TCH site. I figure that the problem is either that I need the full path to my account, OR this method is just not supported by TCH. So I then tried PHP's ftp methods. I didn't even use any kind of form: >$ftp_connection = ftp_connect($ftp_server); $login = ftp_login($ftp_connection, $ftp_username, $ftp_password); ftp_put($ftp_connection, "/public_html/uploads/file.doc", "C:\file.doc", FTP_BINARY); That's it. Again, the code is pretty much lifted off the PHP manual. The problems I see here are that I might just need the full path to my folder on the TCH server, or my reference to "C:\file.exe" is just wrong ... I only know the basic differences between the Linux and Windows directory structures ("\" vs. "/", Windows has drive letters), so I might just be missing something there. Thanks for any help on this guys! I'd also appreciate it if the forum moderators could chime in on whether ftp is enabled on the php, and whether or not I do need the full path. Aaron

I'm trying to use the php ftp functions, but I can't seem to get them to work. Is the PHP ftp enabled on the server? I'd really appreciate it if someone who has already used the php ftp functions would share their code cuz I'm really not getting anywhere. Thanks, Aaron

Thanks for replying! The reason why they want to "go online" is they want some parts of the database accessible to the public. Currently, they have potential volunteers submit applications by mail, but they would like the ability to let them apply online. Second, they also want to give volunteers, donors, and others, the ability to update their contact information online. Finally, they want the ability to access the database while "on the road." I realize that the same security issues will be present no matter what route we take. I guess I should present my dilemma this way: I can either a. Use PHP/MySQL - learn about security , or b. Use ASP/Access - learn ASP Thus, my question is, how much do I need to learn about security? If it's not that much, then I will definitely go with the former. You also raise the point I have not even considered: setting up their own database server. I think this is quite possible because they have a T1 connection. Before opening an account with TCH, I hosted my website on my laptop (I had a cable connection then) and it sufficed for a while ... I guess this would be kind of like the same thing? If we do this, is a firewall all we need? Thanks again for your help! Aaron

Hi! I am currently volunteering at a non-profit organization thats wants to convert its MS Access database to a web database application. I would like to use PHP/MySQL to do this, since these are what I am most familiar with, but I know that probably the most practical thing to do is use ASP and keep using the current MS Access database. My biggest concern right now is security: I have practically no experience with security, and this database contains personal information like Social Security Numbers. If security were not much of a concern, then I would defintely go ahead with PHP/MySQL. If we go ASP/Access, there is another volunteer who I will work with, who uses ASP/Access and DOES know about security(he has his own web development company). He will address all security concerns so all I have to do is basically use ASP to make the application. That said, I still want to use PHP/MySQL! So I just want to ask: what do I need to know about security? Since the information will be stored in a MySQL database, am I right to assume that the security of this information is basically out of my control, and is in the hands of the TCH servers (if we do use PHP/MySQL, we will definitely open a TCH account)? Secondly, what do I need to know about SSL? The users will need to add/update information in the database through forms on the website, and I know that I need SSL to make sure the passing of this information is secure. I apologize if I am asking too much; I normally just research online and learn everything by myself. But because this is not a personal project and a whole organization is affected, I just wanted to ask people who have more experience with security concerns. In addition, we need to decide what route we will take asap. Any help/advice would be greatly appreciated! Aaron Romero romero-online.com

Thanks for the replies! I think I'll just stick to the php extension and protect the folder where my includes are through cpanel. I really don't need password protection, as I have no need to access the include files online, so creating/configuring htaccess (and htpasswd) seems like too much work. Aaron

Hi! I use PHP to include my MySQL db usernames and and passwords from a file called (let's say) "password.inc". If someone goes to http://myurl/password.inc, they will be able to see the file. Is there any way to keep people from accessing/viewing password.inc? Right now I plan to rename the file to "password.php" so that if someone types http://myurl/password.php, they won't be able to see the username and password variables being set. But is there a better way to just block people from accessing password.php? I've done some research and it seems adding an .htaccess file is the way to do it. Does totalchoice allow this? (I don't know much about .htaccess) I'm open to suggestions! Thanks, Aaron