0

I am having trouble getting my code to work with my database. I'm almost certain its just punctuation because the video our professor gave us was too small. I am using the blob type and the images are less than 1mb. This is what I have and its just the last few items I am trying to put in the database that arent functioning. Its telling me that I can't use empty values. These are the errors I am getting:

Warning: fopen() [function.fopen]: Filename cannot be empty in /home/wequpstu/public_html/admin/portfolioForm.php on line 100

Warning: fread() expects parameter 1 to be resource, boolean given in /home/wequpstu/public_html/admin/portfolioForm.php on line 101

Warning: fclose() expects parameter 1 to be resource, boolean given in /home/wequpstu/public_html/admin/portfolioForm.php on line 102

$handle = fopen($_FILES['imgPhoto']['tmpName'], "r");
        $image = fread($handle, filesize($_FILES['imgPhoto']['tmpName']));
        fclose($handle);

        $image = mysqli_real_escape_string($dbConnection, $image);
        mysqli_query($dbConnection, "INSERT INTO portfolio (title, shortDescription,     longDescription, image, imageName, imageType, imageSize) VALUES ('$_POST[txtTitle]', '$_POST[txtShortDescription]', '$_POST[txtLongDescription]', '$image', '" . $_FILES['imgPhoto']['name'] ." ',  ' " . $_FILES['imgPhoto']['type']. " ',  '" . $_FILES['imgPhoto']['size']."'  )");

        echo "<p style=\"text-align: center; font-size: 11px;\">Thanks for filling out form!</p>";
        echo "</fieldset></form>" ;
Improve this question
2
  • Please add the following information to your Question - How large are the images (in KB) ? What is the field type and size that you are trying to store the binary data into ? Commented Apr 20, 2014 at 4:30
  • $_FILES['imgPhoto']['tmpName'] is empty. You can print the array for debugging with print_r($_FILES); Commented Apr 20, 2014 at 4:33

1 Answer 1

Reset to default
1

A couple of issues with your code that may be causing the problem is as follows:

  • Do not EVER escape binary data prior to insertion
  • Inserting binary data from an upload into the database is a huge no-no. This can inadvertently lead to some very malicious attacks on your server that extend beyond simple SQL injection.

That being said, it is not know what the field type is that you are trying to store into, nor how large the image file is. Storing a 2GB upload as a field in a database is probably not a wise idea, but if you wanted to store large images, it is recommended to stream the data into a BLOB field.

For smaller files, you can base64_encode them safely into TEXT fields or VARCHAR if allocated enough space. When reading the data back out, you can use base64_decode or if just displaying the image in a page, you can insert it like this :

// get the base64 data from the database field named 'image'
$image = $row['image'];

// echo out an image tag containing the base64 encoded image. no decoding required
echo '<img src="data:image/png;base64,' . $image . '">';

Another tactic is you could convert the binary data to hex using bin2hex() and then store that. When reading back out of the database, you can use hex2bin()

To help decide which method will work best for you, you should read this article that explains when to use base64 . The hex2bin and bin2hex methods do not have the same limitation that base64 does, so they are more suitable for encoding very large binary data.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Also, do escape your other POST vars.
@DavidHoude - correct. If using prepared statements, and filter_var then escaping is not required.
Updated this solution to provide an alternative for storing large images, added some links to the various php commands and a reference to assist in determining which method is more suitable.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.