0

i have this code. My goal is uploading an image into mysql by using php. This gives error:404. I've checked my code again and again but nothing looks wrong. There are anything wrong with the mysqli_connection, i've tried uploading something else and that worked fine, but for image i have a problem, error:404. Anyone has any ideas about what's the problem here? Note: the current file's name is upload.php

<html>
<head>
  <meta charset="UTF-8">
  <title>Resim Yükleyiniz</title>                        //Upload and image
</head>

<body>
<form action="upload.php" method="post" enctype="multipart/form-data">
    <input type="file" name="resim" value="Resim Seçiniz"> <input type="submit" value="Yükle">                        //choose an image , upload
</form>
</body>

<?php
//getting mysqli connection
$con = mysqli_connect("mysql.hostinger.web.tr","*******-user","*****-password") or die(mysql_error());
mysqli_select_db($con,"********-database name") or die(mysql_error());

$ders = $_GET['ders'];

//getting file content
$dosya = $_FILES['resim']['tmp_name'];
if(isset($dosya)){
  $resim = addslashes(file_get_contents($_FILES['resim']['tmp_name']));

  //control of if the file is an image or not
  $resim_boyutu = getimagesize($_FILES['resim']['tmp_name']);                                         //This gives false if the $dosya is not an image
  if($resim_boyutu == false)
    echo "Lütfen resim türünden bir dosya seçiniz.";
  else {
    if(!mysqli_query($con,"INSERT INTO $ders VALUES ('','$resim')"))                  //uploading image into the table
      echo "Görüntü yüklenirken bir hata oluştu.";
    else
      echo "Görüntü yüklendi";
  }
}

else
  echo "Lütfen resim seçiniz.";

?>

</html>
Improve this question
13
  • what you got in print_r($_FILES) ? Do you have any reserved characters (eg spaces, punctuation, non-ASCII) characters in the image name? Commented Sep 15, 2016 at 9:57
  • Has mat_upload.php Commented Sep 15, 2016 at 9:57
  • @Ayak973 ah really really thanks!!! i've changed a .php file name but forgot to change the connections to it. I've given much time to solve this argh.. Small bugs.. Commented Sep 15, 2016 at 10:00
  • @Ayak973 uhm.. I've corrected it but still the error:404 is coming. Any suggestions? Commented Sep 15, 2016 at 10:05
  • @Bhavin I got a PNG file in $_FILES Commented Sep 15, 2016 at 10:08

2 Answers 2

Reset to default
0

use getimagesize() or exif_imagetype()

// integer - for example: IMAGETYPE_GIF, IMAGETYPE_JPEG etc.
$type   = exif_imagetype($_FILES['image']['tmp_name']);

or

$info   = getimagesize($_FILES['image']['tmp_name']);
$mime   = $info['mime']; // mime-type as string for ex. "image/jpeg" etc.
$width  = $info[0];      // width as integer for ex. 512
$height = $info[1];      // height as integer for ex. 384
$type   = $info[2];      // same as exif_imagetype

Mind that exif_imagetype is much faster than getimagesize. Check documentation for more info.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Lots to fix here. (I often think I should have signed up to Code Review rather than Stack Overflow)

  • you have old mysql_ references in your die statement in your code which will never give you a useful response. instead replace with die(mysqli_error($con)).

  • It is highly recommended to also state database when using mysqli_connect rather than as a separate method call. Read the Manual

  • You really should be checking for file upload Error codes before acting on the $_FILE data. For example: if($_FILES['resim']['error'] == 0){ process upload }

  • As you are clearly using non-ascii language it is highly recommended to use accept-charset='utf-8' in your <form> tag.

  • I recommend reading about saving filedata into MySQL, and I would also recommend that you don't, it's far better and efficient and easier to debug to simply save a reference to a file in the DB and store the image file on the server disc, rather than as a field in a database. Reference.

  • You need to be extremely careful (read: change, urgently!) having a $_GET value unqualified and plugged straight into your SQL query: INSERT INTO $ders this is a really bad idea and should not be done. At the very least you should remove any invalid or control characters with a Preg_replace Regex, such as:

     $ders = preg_replace("/[a-z0-9_]/i","",$_GET['ders']);

  • What makes you think you need to addslashes to your file_get_contents? I would suggest not adding slashes, instead escaping the data value with:

    $resim = mysqli_real_escape_string($con, 
         file_get_contents($_FILES['resim']['tmp_name']));

  • Even better would be to use MySQLi Prepared Statements and combine this with Object Orientated Database Programming. This approach comes highly recommended.

I can't provide you any output debugging/help because you have not (yet) stated what causes your Error 404 which you report in your question. Add this data (edit your question) and let me know and then I can revise this.

Additional: Because you're clearly using a non-ascii character set, I would highly recommend spending a bit of time and giving this Stack Overflow Q&A a read through, so you know how to approach database character encodings correctly. This could potentially save you days of stress. I don't think this is an issue with you from the standpoint of this question.

I would also recommend using the mb_string PHP module for making sure PHP correctly handles multibyte strings correctly.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.