while uploading a image using php and mysql: Warning: file_get_contents(): Filename cannot be empty

Question

when i am trying to upload a image to photos folder i am having this type of warning msg i dont know what to.. This is my php file

if (!isset($_FILES['image']['tmp_name'])) {
    echo "";
    }else{
    $file=$_FILES['image']['tmp_name'];
    $image= mysql_real_escape_string(addslashes(file_get_contents($_FILES['image']['tmp_name'])));
    $image_name= addslashes($_FILES['image']['name']);

            move_uploaded_file($_FILES["image"]["tmp_name"],"photos/" . $_FILES["image"]["name"]);

            $location="photos/" . $_FILES["image"]["name"];

            $save=mysql_query("insert into add values('$location')") or die("can not insert");
            exit();                 
    }

This is my html code

<form method="POST" action='ap.php' enctype="multipart/form-data">
<input name="image" id="image" type="file" />
<input type='submit' name='Add' value='Add'  />
</form>

Answer 1

After removing these two lines. It works fine

$image= mysql_real_escape_string(addslashes(file_get_contents($_FILES['image']['tmp_name'])));
$image_name= addslashes($_FILES['image']['name']);

Answer 2

Your code working fine, Please check for permission as well for 'photos' must be writable. You can also remove following line as it's have no effect.

$image= mysql_real_escape_string(addslashes(file_get_contents($_FILES['image']['tmp_name'])));

Please paste full code as well may be some issue with your connection string or other code.

Answer 3

You don't need to escape thing. Just do like,

if (!isset($_FILES['image']['tmp_name'])) {
    echo "Image not selected ";
  }

else
{
    $file=$_FILES['image']['tmp_name']; // temporary name
    $image_name= $_FILES['image']['name']; // original file name

     move_uploaded_file($_FILES["image"]["tmp_name"],"photos/" . $_FILES["image"]["name"]);

     $location="photos/" . $_FILES["image"]["name"];
     $query = "Write your query here...";
     $save=mysqli_query($connection, $query);
     if($save)
      {
        // success...do whatever you want
       }
     else
      {
         // executes when save fails
       }      
    }

WARNING :

mysql_ is deprecated. Migrate to mysqli_ or PDO. Your code is vulnerable to SQL Injection.

Answer 4

No need of escaping the file name & tmp_name. Simply do -

move_uploaded_file($_FILES["image"]["tmp_name"],"photos/" . $_FILES["image"]["name"]);

$location="photos/" . $_FILES["image"]["name"];

$save=mysql_query("insert into add values('$location')") or die("can not insert");
exit();

Answer 5

No need the following lines:

$image= mysql_real_escape_string(addslashes(file_get_contents($_FILES['image']['tmp_name'])));
$image_name= addslashes($_FILES['image']['name']);

Just removed it and test it will work. You are checking the first if condition its enough.