File name too long while uploading image in database

Question

I have written a line of codes to upload an image in the database, however, trying to upload image gives me this error

File name too long

Following is my code to upload an image to database:

if($_SERVER['REQUEST_METHOD']=="POST")
    {
      $pid          = rand(1000,9000);
      $title        = $_POST['title'];
      $descpt       = $_POST['description'];
      $push         = isset($_POST['send_push']) ? $_POST['send_push'] : "";
      $feature_image = array();
      $fy           = $_POST['fy'];

      if(empty($title) || empty($descpt) || empty($fy))
      {
          array_push($this->errors, MEND_FIELD_ERROR);
          return;
      }

      if(!empty($_FILES['feature_image']['name'][0]))
      {
          $image = $_FILES['feature_image'];
          $allowed_ext = array('jpeg','jpg','png','pdf','docx');
          $allowed_size = 20000000;

          foreach($image['name'] as $pos=>$image_name)
          {
              $dir = "./cdn/uploads/notice/".$title;      
              $tmp = $image['tmp_name'][$pos];
              $img_size = $image['size'][$pos];
              $img_error = $image['error'][$pos];
              $img_ext = explode('.', $image_name);
              $img_name = $img_ext[0];
              $img_ext = strtolower(end($img_ext));


              if(in_array($img_ext, $allowed_ext))
              {
                  if($img_size <= $allowed_size)
                  {
                    if(!file_exists($dir))
                    {
                        mkdir($dir);
                    }
                    $image_new_name = $img_name.'$$'.uniqid('', true).'.'.$img_ext;

                    $upload_destination = $dir.'/'.$image_new_name;
                    if(move_uploaded_file($tmp, $upload_destination))
                    {
                        array_push($feature_image, $image_new_name);
                    }
                    else
                    {
                        array_push($this->errors, $img_error);
                        return;
                    }

                  }
              }
              else
              {
                array_push($this->errors, $img_ext.' is not an allowed file extension.');
                return;
              }
          }
      }

      $s_feature_image = json_encode($feature_image, JSON_UNESCAPED_UNICODE);

      $statement = $this->db->prepare("INSERT INTO `notice` (`pid`,`title`,`descpt`,`date`,`photo`,`fy`)
      VALUES (?,?,?,?,?,?)");         
      if($statement->execute([$pid,$title,$descpt,DAT, $s_feature_image, $fy]))
      {
        if($push == "checked")
        {

            $descpt = strip_tags($descpt);
            $tek = array("message"=>$descpt,"title"=>$title);

            $tokens = $this->getTokens();
            $this->push_notification($tokens,$tek);

        }
        ExitThis::send_to(URL.'notice?id='.$pid);

      }
      else
      {
          array_push($this->errors, DATABASE_ERROR);
          return;
      }
    }

Is it because of permission issue or something else? If so, what is causing me this problem and how do I fix this?

What is the name of the file you are trying to upload or how long is it? — l'L'l, Feb 07 '19 at 08:34
When you have an argument i mean filename longer then 255 chars, apache will check this against your file system limits. — Yassine CHABLI, Feb 07 '19 at 08:42
@I'L'l I am trying to upload file in Nepali character and it is खुम्बु पासाङल्हामु गाउँपालिका वडा नं ३ मा सुद्ध तथा पिउनयोग्य खानेपानी योजनाको उद्घाटन सम्पन्न भएको छ ।/water$$5c5bef4455e4c2.23467901.jpg. — Alisha Lamichhane, Feb 07 '19 at 08:42
https://stackoverflow.com/questions/44448715/limit-file-name-before-uploading-to-server-in-php-html-and-javascript — ﾃﾞﾋﾞｯﾄ, Feb 07 '19 at 08:44
i don't know the caracter encoding of nepali language , but put it in the firt param instead of the empty one bellow$ and try to convert the filename with : $filename = iconv("", "utf-8", $filename); — Yassine CHABLI, Feb 07 '19 at 08:44
@MohammedYassineCHABLI the length of the characters are 138 only. — Alisha Lamichhane, Feb 07 '19 at 08:45
@MohammedYassineCHABLI can we extend the length of characters of MySQL? — Alisha Lamichhane, Feb 07 '19 at 09:09
@MohammedYassineCHABLI you were saying that apache will only allow 255 characters so I am asking if I could extend the characters length in apache or not. — Alisha Lamichhane, Feb 07 '19 at 09:13
take a see here : https://serverfault.com/questions/120397/max-length-of-url-257-characters-for-mod-rewrite — Yassine CHABLI, Feb 07 '19 at 09:14

score -1 · Answer 1 · answered Feb 07 '19 at 08:36

this is how I upload the file into the server and save the file name + extension into the database.

<?php

include 'connection.php';

$id = $_POST['id'];
$imgFile = $_FILES['photo']['name'];
$tmp_dir = $_FILES['photo']['tmp_name'];
$imgSize = $_FILES['photo']['size'];

$folder = 'images/'; // upload directory
$imgExt = strtolower(pathinfo($imgFile, PATHINFO_EXTENSION)); // get image extension
// valid image extensions
$valid_extensions = array('jpeg', 'jpg', 'png', 'gif'); // valid extensions
// rename uploading image
$img = rand(1000, 1000000) . "." . $imgExt;
// allow valid image file formats
if (in_array($imgExt, $valid_extensions)) {
    // Check file size '5MB'
    if ($imgSize < 5000000) {
        move_uploaded_file($tmp_dir, $folder . $img);
    } else {
        $errMSG = "Sorry, your file is too large.";
    }
} else {
    $errMSG = "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
}

$query = mysqli_query($con, "UPDATE `profile` SET `photo` = '$img' WHERE `id` = '$id'");

if ($query) {
 echo "<script>alert('Profile Updated'); window.location ='index.php?data=profile' </script>";
} else {
    echo "<script>alert('Failed'); window.location ='index.php?data=profile' </script>";
}

?>

Hope this helps. Cheers.

I think you are missing the point. Read OP's question again and check the comments. — Rotimi, Feb 07 '19 at 08:50
You are open to SQL injections with this code and possibly even more. Whilst the temp file won't be uploaded due to failing validation, you still insert it into the database, both `$imgExt` and `$id` are vulnerable. You should never trust client data — Second2None, Feb 07 '19 at 08:53

File name too long while uploading image in database

1 Answers1