PHP - file_get_contents(): Filename cannot be empty

Question

Can someone help me to handle this error? I don't know what method or way to get rid of this error. Im new to php and starting to learn it. Can someone give me ideas?

here is the error :

here is my php code.

<?php

include_once('connection.php');

 $newsid = $_GET['news_id'];

    if(isset($_POST['esubmit'])){
        /* create a prepared statement */
        if ($stmt = mysqli_prepare($con, "SELECT * FROM news WHERE news_id = ? LIMIT 1")) {
            /* bind parameters */
            mysqli_stmt_bind_param($stmt, "s", $newsid);

            /* execute query */
            mysqli_stmt_execute($stmt);

            /* get the result set */
            $result = mysqli_stmt_get_result($stmt);

            /* fetch row from the result set */
            $row = mysqli_fetch_array($result);
        }

    }


    if(isset($_POST['update'])){

        if(isset($_FILES['image'])){
          $file=$_FILES['image']['tmp_name'];
          /* Below is the line 30 causing the error*/
          $image = addslashes(file_get_contents($_FILES['image']['tmp_name']));
          $image_name= addslashes($_FILES['image']['name']);
          move_uploaded_file($_FILES["image"]["tmp_name"],"img/" . $_FILES["image"]["name"]);
          $newsimage="img/" . $_FILES["image"]["name"];

          $title = $_POST['titles'];
          $date = $_POST['dates'];
          $content = $_POST['contents'];

          $sql ="UPDATE news SET news_title ='$title', news_date ='$date', news_content = '$content', news_image ='$newsimage' WHERE news_id = '$newsid'";
          mysqli_query($con, $sql);
          echo "oh it worked ";
        }
        else{
          $title = $_POST['titles'];
          $date = $_POST['dates'];
          $content = $_POST['contents'];
          $sql ="UPDATE news SET news_title ='$title', news_date ='$date', news_content = '$content' WHERE news_id = '$newsid'";
          mysqli_query($con, $sql);
          echo "oh it worked again ";
        }

    }
?>
<!DOCTYPE HTML>
<html>
<head>
</head>
<body>

<?php

    if(isset($_POST['esubmit'])){
        ?>

        <form method="post" action ="edit2.php?news_id=<?php echo $row['news_id']; ?>" enctype="multipart/form-data">
            Title<input type ="text" name ="titles" value="<?php echo $row['news_title']; ?>"/><br>
            Date<input type ="text" name="dates" value="<?php echo $row['news_date']; ?>" /><br>
            Content<textarea name="contents"><?php echo $row['news_content']; ?></textarea>
            <input class="form-control" id="image" name="image" type="file" accept="image/*" onchange='AlertFilesize();'/>
            <img id="blah" src="<?php echo $row['news_image']; ?>" alt="your image" style="width:200px; height:140px;"/>

            <input type="submit" name="update" value="Update" />
        </form>

        <?php
    }

?>

<script src="js/jquery-1.12.4.min.js"></script>
<script src="js/bootstrap.min.js"></script>
<script type="text/javascript">
    function readURL(input) {
        if (input.files && input.files[0]) {
            var reader = new FileReader();

            reader.onload = function (e) {
                $('#blah').attr('src', e.target.result);
            }

            reader.readAsDataURL(input.files[0]);
        }
    }

    $("#image").change(function(){
        readURL(this);
    });
    </script>
</body>
</html>

`$_FILES['image']['tmp_name']` returns a temporary file, echo it out to see the kind of data it returns and it'll be clear what the error means. Also, why are you attempting to get the contents when you're not using `$image` again? — Jamie Bicknell, Jul 01 '16 at 13:18
You're using `mysqli_stmt_bind_param()` in your first query... why oh why aren't you using it for your other queries??? Your other queries are just adding the POST vars directly to the query string, making you wide open to SQL injection attack. — Simba, Jul 01 '16 at 13:19
You should also check the `length` of `$_FILES['image']` array in the condition `if(isset($_FILES['image'])){` — ADreNaLiNe-DJ, Jul 01 '16 at 13:21
@Martin i already edit it my questions sir. Please check again thanks. — nethken, Jul 01 '16 at 13:21
Try `!empty($_FILES['image'])` instead of `isset($_FILES['image'])` — apokryfos, Jul 01 '16 at 13:24
The if statement there is working when im uploading new image. But when i didn't change the image and update it, the error is showing... — nethken, Jul 01 '16 at 13:27

Martin · Accepted Answer · 2016-07-01T13:34:03.307

6

Why are you adding slahes to your (temporary) filename?

your line 30:

$image= addslashes(file_get_contents($_FILES['image']['tmp_name']));

So to remove the error warning:

if(!empty($_FILES['image']['tmp_name']) 
     && file_exists($_FILES['image']['tmp_name'])) {
    $image= addslashes(file_get_contents($_FILES['image']['tmp_name']));
}

There is a LOT of other things you can / should do with this code but I can't go over it in too much detail with you, but basically you should check that $_FILES['image']['error'] == 0 to ensure that code only runs if the file has been successfully uploaded.
Replace
```
  if(isset($_FILES['image'])){
```

With an error check:

   if($_FILES['image']['error'] == 0){

Which will mean that only an OK uploaded file will then run the IF statement contents

Stop adding slashes, it's not needed.
Use prepared statements for your SQL queries.
Move_uploaded_file should in a perfect world be given an absolute path rather than a relative path.
Do you realise that you're file_get_contents is getting the data in a file, not a referece but the actual binary file data. This looks like it's not what you need to be doing at this stage. Your $image value isn't clearly used in the code you provide and as rightly pointed out by apokryfos, you're actually adding slashes to the retrieved filedata of the image. This is going to simply make your $image a garbled mess.

edited Jul 01 '16 at 13:34

answered Jul 01 '16 at 13:26

Martin

22,212
11
70
132

2

He's not adding slashes to the temporary filename he's adding slashes to the contents of the temporary file. Why is still a mystery, since it will break the image probably. – apokryfos Jul 01 '16 at 13:27
That behaviour by the OP's actually *more* confusing! haha – Martin Jul 01 '16 at 13:29
It worked already sir no errors. But where do i put the if($_FILES['image']['error'] == 0)? – nethken Jul 01 '16 at 13:33
@nethken you replace the quoted if statement with the one using the error array feedback – Martin Jul 01 '16 at 13:34
@nethken it will be a good learning exercise to go through each line of code in your page (as displayed here) and for each function ask *what does this do?* and then *what do I do with the result of this code line?* and ask *What result do I need*? There is a lot of code in your question that is unneeded or doesn't seem to have a clear purpose. – Martin Jul 01 '16 at 13:36
I just watched a tutorial about that code :( Just a hobby – nethken Jul 01 '16 at 13:38
@nethken the thing with code is that you improve by reassessing your own work, as much as by watching tutorials, always make time to go back to work you've already done (such as above) and going over it again and asking the sort of questions I ask in the comment above, it can help you establish a clear logic process in your head, which makes writing the code a clearer, smarter and less frustrating experience `:-)` – Martin Jul 01 '16 at 13:44
Yes sir i'll do it. If u look at my queries you can actually see im a newbie haha. I'll just transfer from c# to php. Im just a student tho. Thanks for ur tips sir. Cheers :D – nethken Jul 01 '16 at 13:46
@nethken no worries, everyone was a newbie once! Have a good one :-) – Martin Jul 01 '16 at 13:51
Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/116200/discussion-between-nethken-and-martin). – nethken Jul 01 '16 at 13:56
@Martin I had tried this logic in my form only attachment is coming other fields are not coming in the mail. Can you please view my question. https://stackoverflow.com/q/58129139/9004424 – Husna Sep 30 '19 at 05:36

score 6 · Answer 2 · edited Jan 28 '20 at 23:55

If others still have this issue. That fixed it for me. Change your php.ini file to

; Maximum allowed size for uploaded files.
upload_max_filesize = 40M

; Must be greater than or equal to upload_max_filesize
post_max_size = 40M

Explanation: The default setting for the php.ini file is

; Maximum allowed size for uploaded files.
upload_max_filesize = 2M

That's why you can't upload images larger than 2 MB. For Windows you can just search for php.ini in the search bar in the menu bar at the bottom. Then edit the properties with an editor.

score 0 · Answer 3 · answered May 01 '19 at 10:48

For the file_get_contents($_FILES['image']['tmp_name']) to give you an error of cannot be empty it means that it has has no file or nothing has been attached to it in the html part of the code. So check if first of all you have attached anything to it by echoing the value file_get_contents($_FILES['image']['tmp_name']).

score 0 · Answer 4 · answered Jul 03 '19 at 09:42

0

<?php 
ini_set( 'display_errors', 0 );
error_reporting( E_ALL );
?>

answered Jul 03 '19 at 09:42

Arunprasanth M

29
5

1

Can you explain what that code does? How does it solve the given error message? – Nico Haase Jul 03 '19 at 15:18

PHP - file_get_contents(): Filename cannot be empty

4 Answers4