php image uploading into mysql

Question

i have this code. My goal is uploading an image into mysql by using php. This gives error:404. I've checked my code again and again but nothing looks wrong. There are anything wrong with the mysqli_connection, i've tried uploading something else and that worked fine, but for image i have a problem, error:404. Anyone has any ideas about what's the problem here? Note: the current file's name is upload.php

<html>
<head>
  <meta charset="UTF-8">
  <title>Resim Yükleyiniz</title>                        //Upload and image
</head>

<body>
<form action="upload.php" method="post" enctype="multipart/form-data">
    <input type="file" name="resim" value="Resim Seçiniz"> <input type="submit" value="Yükle">                        //choose an image , upload
</form>
</body>

<?php
//getting mysqli connection
$con = mysqli_connect("mysql.hostinger.web.tr","*******-user","*****-password") or die(mysql_error());
mysqli_select_db($con,"********-database name") or die(mysql_error());

$ders = $_GET['ders'];

//getting file content
$dosya = $_FILES['resim']['tmp_name'];
if(isset($dosya)){
  $resim = addslashes(file_get_contents($_FILES['resim']['tmp_name']));

  //control of if the file is an image or not
  $resim_boyutu = getimagesize($_FILES['resim']['tmp_name']);                                         //This gives false if the $dosya is not an image
  if($resim_boyutu == false)
    echo "Lütfen resim türünden bir dosya seçiniz.";
  else {
    if(!mysqli_query($con,"INSERT INTO $ders VALUES ('','$resim')"))                  //uploading image into the table
      echo "Görüntü yüklenirken bir hata oluştu.";
    else
      echo "Görüntü yüklendi";
  }
}

else
  echo "Lütfen resim seçiniz.";

?>

</html>

what you got in print_r($_FILES) ? Do you have any reserved characters (eg spaces, punctuation, non-ASCII) characters in the image name? — Bhavin, Sep 15 '16 at 09:57
@Ayak973 ah really really thanks!!! i've changed a .php file name but forgot to change the connections to it. I've given much time to solve this argh.. Small bugs.. — Taha Sümer, Sep 15 '16 at 10:00
@Ayak973 uhm.. I've corrected it but still the error:404 is coming. Any suggestions? — Taha Sümer, Sep 15 '16 at 10:05
you need to fix your `die` statement. it's currently a `mysql_` statement so will never give you a useful result — Martin, Sep 15 '16 at 11:19
@Martin oh really.. I forgot it thank you. But i think there is not a problem about connecting to database because in another example without image, connection works well, but thank you i will correct it — Taha Sümer, Sep 15 '16 at 11:22
can you show the code where you try and output the image? what exactly gives you a error 404? The image is assumed to be stored in the DB but you need to encapsulate the image as a file to have it displayed by HTML. — Martin, Sep 15 '16 at 11:28
Possible duplicate of [Image Uploading to mysql database using PHP](http://stackoverflow.com/questions/26056870/image-uploading-to-mysql-database-using-php) — MAESTRO_DE, Sep 15 '16 at 11:31
@Marcel1997 no problem in that link is not checking if the file is set or not, but i am already checking it — Taha Sümer, Sep 15 '16 at 11:34
@Martin i haven't passed into showing image yet, i've prepared the code but not haven't run it yet. I want to be sure the uploading works correctly first. The error:404 is not coming because of displaying an image it is an issue about uploading and the problem is in this code but idk where exactly. — Taha Sümer, Sep 15 '16 at 11:38
ok, I need you to explain in more detail what the error 404 refers to? I can't see what it would refer to except when you submit the form and the destination file (`upload.php`) doesn't exist? — Martin, Sep 15 '16 at 11:43
As @Martin said, we cannot troubleshoot your issue if we didnt know from wich requested file you have a 404 response. Just a guess : has your web server enough permission to read the file _upload.php_ ? — Ayak973, Sep 15 '16 at 12:48

score 0 · Answer 1 · edited Sep 15 '16 at 11:18

use getimagesize() or exif_imagetype()

// integer - for example: IMAGETYPE_GIF, IMAGETYPE_JPEG etc.
$type   = exif_imagetype($_FILES['image']['tmp_name']);

or

$info   = getimagesize($_FILES['image']['tmp_name']);
$mime   = $info['mime']; // mime-type as string for ex. "image/jpeg" etc.
$width  = $info[0];      // width as integer for ex. 512
$height = $info[1];      // height as integer for ex. 384
$type   = $info[2];      // same as exif_imagetype

Mind that exif_imagetype is much faster than getimagesize. Check documentation for more info.

score 0 · Answer 2 · edited May 23 '17 at 12:19

Lots to fix here. (I often think I should have signed up to Code Review rather than Stack Overflow)

you have old mysql_ references in your die statement in your code which will never give you a useful response. instead replace with die(mysqli_error($con)).
It is highly recommended to also state database when using mysqli_connect rather than as a separate method call. Read the Manual
You really should be checking for file upload Error codes before acting on the $_FILE data. For example: if($_FILES['resim']['error'] == 0){ process upload }
As you are clearly using non-ascii language it is highly recommended to use accept-charset='utf-8' in your <form> tag.
I recommend reading about saving filedata into MySQL, and I would also recommend that you don't, it's far better and efficient and easier to debug to simply save a reference to a file in the DB and store the image file on the server disc, rather than as a field in a database. Reference.
You need to be extremely careful (read: change, urgently!) having a $_GET value unqualified and plugged straight into your SQL query: INSERT INTO $ders this is a really bad idea and should not be done. At the very least you should remove any invalid or control characters with a Preg_replace Regex, such as:
```
 $ders = preg_replace("/[a-z0-9_]/i","",$_GET['ders']); 
```
What makes you think you need to addslashes to your file_get_contents? I would suggest not adding slashes, instead escaping the data value with:
```
$resim = mysqli_real_escape_string($con, 
         file_get_contents($_FILES['resim']['tmp_name']));
```
Even better would be to use MySQLi Prepared Statements and combine this with Object Orientated Database Programming. This approach comes highly recommended.

I can't provide you any output debugging/help because you have not (yet) stated what causes your Error 404 which you report in your question. Add this data (edit your question) and let me know and then I can revise this.

Additional: Because you're clearly using a non-ascii character set, I would highly recommend spending a bit of time and giving this Stack Overflow Q&A a read through, so you know how to approach database character encodings correctly. This could potentially save you days of stress. I don't think this is an issue with you from the standpoint of this question.

I would also recommend using the mb_string PHP module for making sure PHP correctly handles multibyte strings correctly.

php image uploading into mysql

2 Answers2