Image Upload Help

[AjACK]

So I made a working image uploading script it saves it to a database, now it works perfectly fine in PC but when you are on mobile device it won't allow images to be uploaded. I think I added all the right image types not sure if this is a code issue or something else any help would be great!

 

<?php 
require_once "config/config.php";
db_connect();
check_auth();
$msg = '';
$id = $_SESSION['id'];

if($_SERVER['REQUEST_METHOD'] == 'POST')
{
$tmpName = $_FILES['pro_img']['tmp_name'];
//read the file
$fp      = fopen($tmpName, 'r');
$pro_img = fread($fp, filesize($tmpName));
fclose($fp);
if(($_FILES['pro_img']["type"] == "image/jpeg" || $_FILES['pro_img']["type"] == "image/png" || $_FILES['pro_img']["type"] == "image/pjpeg" || $_FILES['pro_img']["type"] == "image/X-PNG" || $_FILES['pro_img']["type"] == "image/svg+xml"))
{
$sql = "Update accounts SET pro_img = ? WHERE id = ?";

$statement = $conn->prepare($sql);
$null = NULL; 
$statement->bind_param('bi', $null, $id);
$statement->send_long_data(0, $pro_img); 
$statement->execute();
$check = mysqli_stmt_affected_rows($statement);
 if($check == 1){
   redirect_to("dashboard.php?img=uploaded");
   $msg = 'Image was uploaded';
   
 }else{
   redirect_to("dashboard.php?img=failed");
   $msg = 'Something went wrong!';
   
 }
}else{
  redirect_to("dashboard.php?img=wrong_type");
  $msg = 'File type not supported';
  
}
}
?>

 

[requinix]

2 hours ago, AjACK said:

when you are on mobile device it won't allow images to be uploaded

Exactly what does "won't allow" mean? Do you see one of your error messages? Which one?

[AjACK]

13 hours ago, requinix said:

Exactly what does "won't allow" mean? Do you see one of your error messages? Which one?

I get the second error message. Something went wrong

[phppup]

I would think that if the code was successful on PC then the issue causing the problem is NOT the code.

Although altering the code and checking for other errors might help.

Have you tested the upload process on mobile with different size images?  Perhaps the movie has internal settings to limit duration and size of transfers.

Is the mobile giving the same results when used through your service provider as it does it connected to WiFi? (Be sure to clear cache BEFORE testing out you may get unreliable results.)

[mac_gyver]

firstly, it's generally a bad idea to store files in a database. the extra work you have to do to get them in and every time you retrieve them is not worth the trouble. also, when you create a .sql dump of a database, blob data is output as hex, requiring twice as many character-bytes as the actual blob data. simply store the files in the filesystem, that's what it's for.

do you have error handling for all the database statements that can fail - connection, query. prepare, and execute, so that you will know if and why they are failing? without any error handling for the execute call, the number of affected rows won't be 1 if the execution of the query fails. the simplest way of adding error handling for these statements, without adding logic at each one, is to use exceptions for errors and in most cases simply let php catch and handle the exception, where php will use its error related settings to control what happens with the actual error information (database statement errors will 'automatically' get displayed/logged the same as php errors.)

to enable exceptions for errors for the mysqli extension, add the following line of code before the point where you make the database connection -

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

if you read the php.net documentation examples for mysqli stmt send_long_data(), you will find that you should loop to read and send the file in chunks if the size of the file (actually the total size of all column values) exceeds the max_allowed_packet setting on the database server. this setting can be set to anything on any particular database server (the default size has changed from 1Mb to 64Mb over time.) you need to validate/test the size of the uploaded file so that you will know if it will fit in the defined size of the database column (if it's too large, that's a user error and you should setup a message telling the user what was wrong with the data that they submitted and not attempt to use the data in your code) , and you also need to loop to read chunks of the file and call send_long_data() multiple times.

some additional points about the code -

1. if the total size of the form data exceeds the php post_max_size setting, both the $_FILES and $_POST arrays will be empty. your code MUST test for this condition before referencing any of the form data
2. you MUST make sure that the file actually uploaded without any errors before using any of the uploaded file information. the ['error'] element will be a zero (UPLOAD_ERR_OK). you should actually set up user error messages for all the possible ['error'] values. they can be found in the documentation.
3. if you are going to read the file using code, you need to first use is_uploaded_file() to make sure that the file was actually uploaded through the server/php.
4. the ['type'] value comes from whatever submitted the data to the web server, it can be nefariously set to anything and cannot be trusted. you should always determine the mime type of the actual uploaded file using your own code.
5. if you do have a case where a value can be one of several different choices, put the choices in an array, then use in_array() to test if the value is one of the possible choices.
6. the redirects indicate that the form and form processing code are on different pages. if you put them on the same page, it will simplify all the code, provide a better user experience, and be more secure.
7. since you are redirecting (assuming that they are 'working'), the $msg variable in the posted code isn't doing anything. you should actually put user/validation errors into an array variable, using the field name as the array index. then test and display the contents of this variable at the appropriate location in the html document.