Solved

Image upload works fine, but blob data incomplete

Posted on 2004-08-22
6
626 Views
Last Modified: 2013-12-12
Ok...here's my problem. I have some code that uploads an image into a MySql DB table. When I initiate the upload, all fields receive their proper data except my mediumblob. I have the MAX_FILE_SIZE var set large enough to accomodate the file upload and the apache setting for uploads is also well within spec for a successful upload. But upon completion of the INSERT INTO query the only data that makes it to the blob field is between 38 to 40 bytes even though the file was originally 103k.

Here is the code I used for this...any help would be greatly appreciated.
-----------------------------------------------------------------------------------------------------------------------------------------------------
include('includes/db_functs_inc.php');

$uploaddir = '/var/tmp/uploads/';
$uploadfile = $uploaddir . $_FILES['userfile']['name'];

print 'Upload File: ' . $uploadfile . '<br>';

print "<pre>";
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile))
{
   chmod($uploadfile, 0755);
   $sql = 'SELECT * FROM `tblImages`;';
   $dbResult = db_runQuery($sql);

   while($row = mysql_fetch_array($dbResult))
   {
      if($_FILES['userfile']['name'] == $row['imgName'])
      {
         $exists_in_db = true;
      }
      else
      {
         $exists_in_db = false;
      }
   }

   if(!$exists_in_db)
   {
      $ImageDim = getImgSize($uploadfile);
      #create a primary db row entry for the image
      $sql = 'INSERT INTO tblImages VALUES(\'\', \'' . $_POST['desc'] . '\', \'1\', \'';
      $sql .= $_FILES['userfile']['name'] . '\', \'LOAD_FILE("' . $uploadfile . '")\', \'' . $ImageDim[0] . '\', \'' . $ImageDim[1] . '\');';
      db_runQuery($sql);
      #add the image to the created row entry via the user's ID
      print "File ($uploadfile) is valid, and was successfully uploaded.<br>";
      print '<a href="javascript:history.back(\'1\');">Back</a>';
      shell_exec("rm " . $uploadfile);
   }
   else
   {
      print $_FILES['userfile']['name'] . ' already stored in the database.';
      print '<a href="javascript:history.back(\'1\');">Back</a>';
      exit();
   }
}
else
{
   print "Possible file upload attack!  Here's some debugging info:\n";
   print_r($_FILES);
}
print "</pre>";
----------------------------------------------------------------------------------------------------------------------------
As stated earlier, everything runs fine and the new record gets inserted. Its just that the image data being sent using the LOAD_FILE seems to be failing or I am missing something that ensures that the data makes it to the table field completely.

Thanks in advance for any help offered.
0
Comment
Question by:adrian_brooks
  • 4
  • 2
6 Comments
 
LVL 3

Accepted Solution

by:
Boris Aranovich earned 50 total points
Comment Utility
If the MySQL function is failing, try:

$sql = 'INSERT INTO tblImages VALUES(\'\', \'' . $_POST['desc'] . '\', \'1\', \'';
$sql .= $_FILES['userfile']['name'] . '\', \'' . mysql_escape_string(file_get_contents($uploadfile)) . '\', \'' . $ImageDim[0] . '\', \'' . $ImageDim[1] . '\');';

0
 
LVL 12

Author Comment

by:adrian_brooks
Comment Utility
Hi, thanks for the suggestion. Sorry that its taken me so long to get back to you. My schedule is insane. I'll be trying to implement what you left here and if that works, I award you the points for it immediatly.

I'll be getting back in touch tomorrow with whether this worked or not.

Thanks very much Nomaed.

~Adrian
0
 
LVL 12

Author Comment

by:adrian_brooks
Comment Utility
Hi,

Sorry its taken me so long to get with you. Extremely busy.
I tried your suggestion and still the same results.
When I upload with either form of the INSERT INTO sql statement only 46 bytes make it into the blob field even though the original file being uploaded is 103K in size.

Not sure what to look at now. I've checked my MySql settings, PHP settings and even Apache setting yet everything checks out fine.
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 3

Expert Comment

by:Boris Aranovich
Comment Utility
Perhaps there is some issue with the configuration of the apache...
try some upload script, put the file you uploaeded to some folder on the web (don't forget 777), and via FTP check if the file is the same as you uploaded
0
 
LVL 12

Author Comment

by:adrian_brooks
Comment Utility
Does it have to be chmod'ed to to 777 or can it just be 755 or 766?
I current am doing a chmod on the file and setting it to 755.

Thanks
0
 
LVL 12

Author Comment

by:adrian_brooks
Comment Utility
Ok,

I got it to work using your SQL suggestion. The problem was that I was calling a different script for handling the upload, but was modifying the filemgr.php instead of the upload.php script.

Also, I was able to keep the permissions at 755 and it still worked fine. I will be trying it with even tighter permissions like 744 and see if I can still keep it working just for security's sake.

Thanks for all you help.

Adrian
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
The viewer will learn how to dynamically set the form action using jQuery.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now