Need Help With Storing File in Database with PHP

[$Three3]

Hey everyone, I am having trouble with this script I am running. I am trying to store pdf's and image files in my MySQL database but I keep getting crazy output in my browser. So to break everything down, here is my database setup for just the file storage part:

 

CREATE TABLE students (enrollment_from LONGBLOB NULL)

 

Now, when I try to upload a file and store it in the database in the enrollment_from column, I get an error. Here is the code I am using to upload the file to the databse so it can be stored:

 

//Start the SESSION
session_start() ;

if (!$_SESSION['loggedin']) {
header('Location: http://blah/School/Home.html') ;
exit() ;
}

/*If the user makes it this far, they have succesfully logged in.*/

//Check to see if the form has been submitted
if (isset($_POST['submitted'])) {

//Set the default timezone
date_default_timezone_set('US/Central') ;

//Check to make sure there were no errors with the file upload
if ($_FILES['file']['error'] == 0) {

	if (!$fp = fopen($_FILES['file']['tmp_name'], 'r')) {
		echo '<p>Could Not Open File.</p>' ;
                        exit() ;
	}

	if (!$file_content = fread($fp, $_FILES['file']['size'])) {
		echo '<p>Could Not Read File.</p>' ;
                        exit() ;
	}

	//Connect to the database
	require_once('blah/html/Payments/mysql_connect.php') ;

	//Insert the uploaded content into the database
	$query = "UPDATE students SET enrollment_form = '$file_content' WHERE student_id = " . $_SESSION['student_id'] . " LIMIT 1" ;
	$result = mysqli_query($dbc, $query) ;
	$num = mysqli_affected_rows($dbc) ;

	if ($num == 1) {

		//The query was successful
		//Redirect the user to the upload 2 page where the 2nd document will be uploaded
		header('Location: http://blah/Payments/upload2.php') ;
		exit() ;

	} else {

		//There was an error with the query
		echo '<p>There was an error in the query. Error # 1.</p>' ;

	}

} else {

	//There was an error with the file upload
	echo '<p>There was an error with the file upload. The error # is: ' . $_FILES['file']['error'] . '</p>' ;

}

} else {

//The form has not been submitted
//Display the form

echo '
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Student Payment Center: Upload Enrollment Form</title>
</head>' ;

echo '
<fieldset><legend>Please upload the students enrollment form into the form below.</legend>
<form action="upload.php" method="post" enctype="multipart/form-data">
<input name="MAX_FILE_SIZE" type="hidden" value="8388608">
<p>Upload: <input name="file" type="file"></p>
<input name="submit" type="submit" value="Upload">
<input name="submitted" type="hidden" value="true">
</form>' ;

echo '<p>The student id is: ' . $_SESSION['student_id'] ;

}

?>

 

The error I am getting is this: There was an error in the query. Error # 1. It is my own error. It means there is an error with the query obviously but I am not sure what is wrong with the query. I have googled everything but have found no answers. Any help is greatly appreciated and Thanks in advance.

 

--------------------------------------------------------------------------------------------------------------------------------------------

EDIT

I have been trying to upload every file type possible to see if anything will work, and the olny thing that will seem to work is a file with a .html extension. Why is?

[PFMaBiSmAd]

A) If everything in this post is accurate, you have a column spelled two different ways and would be getting a mysql error.

 

B) If you echo mysql_error() as part of your error reporting logic, php/mysql will tell you why the query failed.

 

C) You must escape all data that is put into a query so that any SQL special characters in it does not break the SQL syntax. I can just about guarantee that binary file data will contain a number of values that must be escaped. See this link - mysql_real_escape_string

[KevinM1]

I wouldn't store those files in a database at all.  Simply upload them to a directory and use the db to keep track of their individual locations within that directory.