nethken nethken - 5 months ago 97
PHP Question

PHP - file_get_contents(): Filename cannot be empty

Can someone help me to handle this error? I don't know what method or way to get rid of this error. Im new to php and starting to learn it. Can someone give me ideas?

here is the error :
enter image description here

here is my php code.

<?php

include_once('connection.php');

$newsid = $_GET['news_id'];

if(isset($_POST['esubmit'])){
/* create a prepared statement */
if ($stmt = mysqli_prepare($con, "SELECT * FROM news WHERE news_id = ? LIMIT 1")) {
/* bind parameters */
mysqli_stmt_bind_param($stmt, "s", $newsid);

/* execute query */
mysqli_stmt_execute($stmt);

/* get the result set */
$result = mysqli_stmt_get_result($stmt);

/* fetch row from the result set */
$row = mysqli_fetch_array($result);
}

}


if(isset($_POST['update'])){

if(isset($_FILES['image'])){
$file=$_FILES['image']['tmp_name'];
/*here is the line 30 causing the error*/ $image= addslashes(file_get_contents($_FILES['image']['tmp_name']));
$image_name= addslashes($_FILES['image']['name']);
move_uploaded_file($_FILES["image"]["tmp_name"],"img/" . $_FILES["image"]["name"]);
$newsimage="img/" . $_FILES["image"]["name"];

$title = $_POST['titles'];
$date = $_POST['dates'];
$content = $_POST['contents'];

$sql ="UPDATE news SET news_title ='$title', news_date ='$date', news_content = '$content', news_image ='$newsimage' WHERE news_id = '$newsid'";
mysqli_query($con, $sql);
echo "oh it worked ";
}
else{
$title = $_POST['titles'];
$date = $_POST['dates'];
$content = $_POST['contents'];
$sql ="UPDATE news SET news_title ='$title', news_date ='$date', news_content = '$content' WHERE news_id = '$newsid'";
mysqli_query($con, $sql);
echo "oh it worked again ";
}

}
?>
<!DOCTYPE HTML>
<html>
<head>
</head>
<body>

<?php

if(isset($_POST['esubmit'])){
?>

<form method="post" action ="edit2.php?news_id=<?php echo $row['news_id']; ?>" enctype="multipart/form-data">
Title<input type ="text" name ="titles" value="<?php echo $row['news_title']; ?>"/><br>
Date<input type ="text" name="dates" value="<?php echo $row['news_date']; ?>" /><br>
Content<textarea name="contents"><?php echo $row['news_content']; ?></textarea>
<input class="form-control" id="image" name="image" type="file" accept="image/*" onchange='AlertFilesize();'/>
<img id="blah" src="<?php echo $row['news_image']; ?>" alt="your image" style="width:200px; height:140px;"/>

<input type="submit" name="update" value="Update" />
</form>

<?php
}

?>

<script src="js/jquery-1.12.4.min.js"></script>
<script src="js/bootstrap.min.js"></script>
<script type="text/javascript">
function readURL(input) {
if (input.files && input.files[0]) {
var reader = new FileReader();

reader.onload = function (e) {
$('#blah').attr('src', e.target.result);
}

reader.readAsDataURL(input.files[0]);
}
}

$("#image").change(function(){
readURL(this);
});
</script>
</body>
</html>

Answer

Why are you adding slahes to your (temporary) filename?

your line 30:

$image= addslashes(file_get_contents($_FILES['image']['tmp_name']));

So to remove the error warning:

if(!empty($_FILES['image']['tmp_name']) 
     && file_exists($_FILES['image']['tmp_name'])) {
    $image= addslashes(file_get_contents($_FILES['image']['tmp_name']));
}
  • There is a LOT of other things you can / should do with this code but I can't go over it in too much detail with you, but basically you should check that $_FILES['image']['error'] == 0 to ensure that code only runs if the file has been successfully uploaded.

  • Replace

      if(isset($_FILES['image'])){
    

With an error check:

   if($_FILES['image']['error'] == 0){

Which will mean that only an OK uploaded file will then run the IF statement contents

  • Stop adding slashes, it's not needed.

  • Use prepared statements for your SQL queries.

  • Move_uploaded_file should in a perfect world be given an absolute path rather than a relative path.

  • Do you realise that you're file_get_contents is getting the data in a file, not a referece but the actual binary file data. This looks like it's not what you need to be doing at this stage. Your $image value isn't clearly used in the code you provide and as rightly pointed out by apokryfos, you're actually adding slashes to the retrieved filedata of the image. This is going to simply make your $image a garbled mess.

Comments