Topic: mySql & PHP Problem

[Stephen Sloan]

I'm working on an application that uses PHP as a front end to a mySQL database. Part of the application uploads an image file (jpg) into the database table. I'm getting the following error messages:

"Warning: open_basedir restriction in effect. File is in wrong directory in /home/e-smith/files/ibays/openrealty/html/agentadmin.php on line 141

Warning: fopen("/tmp/phpFbCqoY","rb") - Operation not permitted in /home/e-smith/files/ibays/openrealty/html/agentadmin.php on line 141

Warning: Supplied argument is not a valid File-Handle resource in /home/e-smith/files/ibays/openrealty/html/agentadmin.php on line 141"

Line 141 is: "$data = addslashes(fread(fopen($binFile, "rb"), filesize($binFile)));"

Anyone got any ideas about this error. Is this a restriction on ibays (the application is running in an ibay).

BTW
I'm not much of a programer so keep the replies basic. I'm trying to reconfigure a script I copied from someone else.

[Thor Anthrax]

First of all, MySQL has nothing to do with this problem.

The user which is running apache (www) is not allowed to read the file $binFile. If you fix that, the problem will be solved.

[Luke Drumm]

A search of these forums will reveal a few discussions on the PHP security feature thats currently causing you grief. ( eg http://forums.contribs.org/index.php?topic=12706.msg47725#msg47725 )

Regards,
Luke

[Stephen Sloan]

Thanks Luke, your fix solved my problem. What security implications does this have, especially in light of the recent hole discovered in PHP?

http://security.e-matters.de/advisories/012002.html

[Luke Drumm]

Your guess is as good as mine. I'm not sure whether the current hole allows files outside of the 'sandbox' to be altered or not.

Regards,
Luke