Solved

Image upload works fine, but blob data incomplete

Posted on 2004-08-22
6
655 Views
Last Modified: 2013-12-12
Ok...here's my problem. I have some code that uploads an image into a MySql DB table. When I initiate the upload, all fields receive their proper data except my mediumblob. I have the MAX_FILE_SIZE var set large enough to accomodate the file upload and the apache setting for uploads is also well within spec for a successful upload. But upon completion of the INSERT INTO query the only data that makes it to the blob field is between 38 to 40 bytes even though the file was originally 103k.

Here is the code I used for this...any help would be greatly appreciated.
-----------------------------------------------------------------------------------------------------------------------------------------------------
include('includes/db_functs_inc.php');

$uploaddir = '/var/tmp/uploads/';
$uploadfile = $uploaddir . $_FILES['userfile']['name'];

print 'Upload File: ' . $uploadfile . '<br>';

print "<pre>";
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile))
{
   chmod($uploadfile, 0755);
   $sql = 'SELECT * FROM `tblImages`;';
   $dbResult = db_runQuery($sql);

   while($row = mysql_fetch_array($dbResult))
   {
      if($_FILES['userfile']['name'] == $row['imgName'])
      {
         $exists_in_db = true;
      }
      else
      {
         $exists_in_db = false;
      }
   }

   if(!$exists_in_db)
   {
      $ImageDim = getImgSize($uploadfile);
      #create a primary db row entry for the image
      $sql = 'INSERT INTO tblImages VALUES(\'\', \'' . $_POST['desc'] . '\', \'1\', \'';
      $sql .= $_FILES['userfile']['name'] . '\', \'LOAD_FILE("' . $uploadfile . '")\', \'' . $ImageDim[0] . '\', \'' . $ImageDim[1] . '\');';
      db_runQuery($sql);
      #add the image to the created row entry via the user's ID
      print "File ($uploadfile) is valid, and was successfully uploaded.<br>";
      print '<a href="javascript:history.back(\'1\');">Back</a>';
      shell_exec("rm " . $uploadfile);
   }
   else
   {
      print $_FILES['userfile']['name'] . ' already stored in the database.';
      print '<a href="javascript:history.back(\'1\');">Back</a>';
      exit();
   }
}
else
{
   print "Possible file upload attack!  Here's some debugging info:\n";
   print_r($_FILES);
}
print "</pre>";
----------------------------------------------------------------------------------------------------------------------------
As stated earlier, everything runs fine and the new record gets inserted. Its just that the image data being sent using the LOAD_FILE seems to be failing or I am missing something that ensures that the data makes it to the table field completely.

Thanks in advance for any help offered.
0
Comment
Question by:adrian_brooks
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 3

Accepted Solution

by:
Boris Aranovich earned 50 total points
ID: 11870603
If the MySQL function is failing, try:

$sql = 'INSERT INTO tblImages VALUES(\'\', \'' . $_POST['desc'] . '\', \'1\', \'';
$sql .= $_FILES['userfile']['name'] . '\', \'' . mysql_escape_string(file_get_contents($uploadfile)) . '\', \'' . $ImageDim[0] . '\', \'' . $ImageDim[1] . '\');';

0
 
LVL 12

Author Comment

by:adrian_brooks
ID: 11887425
Hi, thanks for the suggestion. Sorry that its taken me so long to get back to you. My schedule is insane. I'll be trying to implement what you left here and if that works, I award you the points for it immediatly.

I'll be getting back in touch tomorrow with whether this worked or not.

Thanks very much Nomaed.

~Adrian
0
 
LVL 12

Author Comment

by:adrian_brooks
ID: 11928156
Hi,

Sorry its taken me so long to get with you. Extremely busy.
I tried your suggestion and still the same results.
When I upload with either form of the INSERT INTO sql statement only 46 bytes make it into the blob field even though the original file being uploaded is 103K in size.

Not sure what to look at now. I've checked my MySql settings, PHP settings and even Apache setting yet everything checks out fine.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Expert Comment

by:Boris Aranovich
ID: 11928716
Perhaps there is some issue with the configuration of the apache...
try some upload script, put the file you uploaeded to some folder on the web (don't forget 777), and via FTP check if the file is the same as you uploaded
0
 
LVL 12

Author Comment

by:adrian_brooks
ID: 11931455
Does it have to be chmod'ed to to 777 or can it just be 755 or 766?
I current am doing a chmod on the file and setting it to 755.

Thanks
0
 
LVL 12

Author Comment

by:adrian_brooks
ID: 11931802
Ok,

I got it to work using your SQL suggestion. The problem was that I was calling a different script for handling the upload, but was modifying the filemgr.php instead of the upload.php script.

Also, I was able to keep the permissions at 755 and it still worked fine. I will be trying it with even tighter permissions like 744 and see if I can still keep it working just for security's sake.

Thanks for all you help.

Adrian
0

Featured Post

Don't Cry: How Liquid Web is Ensuring Security

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to dynamically set the form action using jQuery.

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question