-1

I want to insert an image in the database. The field in the database is of type longblob but I constantly get an error.

I changed form method from POST to GET but I still have the same problem. I tried to verify each input name with if(isset()) but I have the same problem.

HTML code

<form  method="post" action="contact.php" enctype="multipart/form-data">
                        <?php
                               if(isset($error)){
                                   foreach($error as $error){
                                       echo '<span class="error-msg">'.$error.'</span>';
                                   };
                               };
                             ?>

                            <div class="control-group">
                                <input type="text" class="form-control border-0 p-4" name ="matricule" required placeholder="Matricule" />
                                <p class="help-block text-danger"></p>
                            </div>
                            <div class="control-group">
                                <input type="text" class="form-control border-0 p-4" name ="residence" required placeholder="Quartier de residence" />
                                <p class="help-block text-danger"></p>
                            </div>
                            <div class="drag-area">
                                <div class="icon"><i class="fas fa-cloud-upload-alt"></i></div>
                                <header>Glisser & Deposser le photo de votre CNI</header>
                                <span>OR</span>
                                <button type="button">Importer Fichier </button>
                                <input type="file" name="image" hidden required >
                              </div>

                              <div class="drag-area1">
                                <div class="icon"><i class="fas fa-cloud-upload-alt"></i></div>
                                <header class="header">Glisser & Deposser la photo de votre recu </header>
                                <span>OR</span>
                                <button class="button" type="button">Importer Fichier </button>
                                <input type="file" name="img" hidden class="input" required >   
                              </div>

PHP code

<?php

@include 'connect.php';
if($_SERVER['REQUEST_METHOD']=="POST")
{
if(isset($_POST['submit'])){ 
  if(isset($_POST['matricule']) || isset($_POST['residence']) || isset($_POST['image']) || isset($_POST['img'])){
        $matricule = $_POST['matricule'];
        $residence = $_POST['residence'];
        $image1 = $_FILES['image']['tmp_name'];
        $image1 = base64_encode(file_get_contents(addslashes($image1)));
        $image2 = $_FILES['img']['tmp_name'];
        $image2 = base64_encode(file_get_contents(addslashes($image2)));
}
     $age = "SELECT *, DATEDIFF(CURDATE(),DATENAISSANCE) AS nbjour FROM etudiant WHERE  MATRICULE = '$matricule'";

     $rb = mysqli_query($conn,$age);

     while($list = mysqli_fetch_array($rb)){
        extract($list);
        $age = floor($nbjour/365);
     }

     $sql ="SELECT * FROM etudiant WHERE MATRICULE = '$matricule'";

     $sqp = "SELECT * FROM candidat WHERE MATRICULE = '$matricule'";

     $result = mysqli_query($conn,$sql);

     $result1 = mysqli_query($conn,$sqp);
     if(mysqli_num_rows($result1) > 0)
      {
        $error[] = "vous avez deja une candidature";
      }
     if(mysqli_num_rows($result) > 0 && $age < 23){
        $insert = "INSERT INTO candidat(MATRICULE,RESIDENCE,CNI,RECUEPAIEMENT) VALUES('$matricule','$residence','$image1','$image2')";
        mysqli_query($conn,$insert);
        $error[] = "Votre candidature a ete envoyer avec success";
    }else
        if($age >= 23){
             $error[] = "Desoler vous ne pouvez plus postuler pour une chambre car vous avez plus de 22 ans".$age;
        // }else
            // if(isset($image1) == false){
            //     $error[] = "Selectionner l'image de votre CNI";
            // }else
            //     if(isset($image2) == false){
            //         $error[] = "Selectionner l'image de vos recus ";
        }else{
            $error[] = "Vous n'etes pas inscrite";
        }
            
}
}
?>

I tried using if(isset($_POST[''])) on all my input name files but it still gives me the same errors.

Sabou
  • 3
  • 4
  • 2
    Your code is vulnerable to SQL injections use PDO or prepared statements to make your queries more sucure – Baracuda078 Dec 23 '22 at 14:17
  • Does this answer your question? [Reference - What does this error mean in PHP?](https://stackoverflow.com/questions/12769982/reference-what-does-this-error-mean-in-php) – AymDev Dec 23 '22 at 14:19
  • Also saving images as base64 in your database is not a great solution. Mostly a base64 image is 30% larger in size thn the image itself. So you will store allot of mb's into your database. You can better upload the image to a directory and store the name in your database – Baracuda078 Dec 23 '22 at 14:19
  • @AymDev , no i can't solve the problem – Sabou Dec 23 '22 at 14:31
  • @Baracuda078, i entered my php.ini file I searched for upload_max_filesize and it is set to 300M – Sabou Dec 23 '22 at 15:15
  • @Baracuda078, i modified my php.ini file as you said but I still have the same problem – Sabou Dec 23 '22 at 15:36
  • Check with `phpinfo()` in your script if the value is indeed changed and where the `php.ini` files is stored. On some Apache (I assume you use this) servers there are multiple php.ini files. I'm not 100% sure if it is required, but it is possible you need to restart your web server to see any changes you made – Baracuda078 Dec 23 '22 at 15:40
  • Please how do I check with phpinfo(), I'm a beginner in php – Sabou Dec 23 '22 at 15:46

1 Answers1

0

I tested your code on my server and the data from the form is just posting.

If the image is not posting on your server then maybe you need to change some settings in your php.ini and check your phpinfo to make sure the limits are correct on your server.

If you type in php phpinfo();, reload the page and then search for upload_max_filesize and post_max_size the value of that is then probably 2M and 8M. The values can be adjusted with the ini_set() function or adjust the value in your php.ini file.

<?php 
// Adjust the values to your needs  
ini_set('post_max_size', '6M');
ini_set('upload_max_filesize', '10M');

Or in php.ini find and change:

post_max_size=6M 
upload_max_filesize=10M

Always make sure that the post limit is a bit higher then your file limit. Also check the allowed number of files your server can handle in 1 post by checking the max_file_uploads value, most times the value is by default 20.

Also to prevent undefined errors always first check if the posted data exist before using it. And also make sure the file that is uploaded is for sure an image.

Storing the images in the database as a base64 string is not the best solution, you can better safe the image after validation in a directory and save the image name in a database column. This will keep your database size allot smaller and will make your application over time allot faster

Baracuda078
  • 677
  • 1
  • 5
  • 10