PHP - file_get_contents(): Filename cannot be empty

Question

Can someone help me to handle this error? I don't know what method or way to get rid of this error. Im new to php and starting to learn it. Can someone give me ideas?

here is the error :

here is my php code.

<?php

include_once('connection.php');

 $newsid = $_GET['news_id'];

    if(isset($_POST['esubmit'])){
        /* create a prepared statement */
        if ($stmt = mysqli_prepare($con, "SELECT * FROM news WHERE news_id = ? LIMIT 1")) {
            /* bind parameters */
            mysqli_stmt_bind_param($stmt, "s", $newsid);

            /* execute query */
            mysqli_stmt_execute($stmt);

            /* get the result set */
            $result = mysqli_stmt_get_result($stmt);

            /* fetch row from the result set */
            $row = mysqli_fetch_array($result);
        }

    }


    if(isset($_POST['update'])){

        if(isset($_FILES['image'])){
          $file=$_FILES['image']['tmp_name'];
          /* Below is the line 30 causing the error*/
          $image = addslashes(file_get_contents($_FILES['image']['tmp_name']));
          $image_name= addslashes($_FILES['image']['name']);
          move_uploaded_file($_FILES["image"]["tmp_name"],"img/" . $_FILES["image"]["name"]);
          $newsimage="img/" . $_FILES["image"]["name"];

          $title = $_POST['titles'];
          $date = $_POST['dates'];
          $content = $_POST['contents'];

          $sql ="UPDATE news SET news_title ='$title', news_date ='$date', news_content = '$content', news_image ='$newsimage' WHERE news_id = '$newsid'";
          mysqli_query($con, $sql);
          echo "oh it worked ";
        }
        else{
          $title = $_POST['titles'];
          $date = $_POST['dates'];
          $content = $_POST['contents'];
          $sql ="UPDATE news SET news_title ='$title', news_date ='$date', news_content = '$content' WHERE news_id = '$newsid'";
          mysqli_query($con, $sql);
          echo "oh it worked again ";
        }

    }
?>
<!DOCTYPE HTML>
<html>
<head>
</head>
<body>

<?php

    if(isset($_POST['esubmit'])){
        ?>

        <form method="post" action ="edit2.php?news_id=<?php echo $row['news_id']; ?>" enctype="multipart/form-data">
            Title<input type ="text" name ="titles" value="<?php echo $row['news_title']; ?>"/><br>
            Date<input type ="text" name="dates" value="<?php echo $row['news_date']; ?>" /><br>
            Content<textarea name="contents"><?php echo $row['news_content']; ?></textarea>
            <input class="form-control" id="image" name="image" type="file" accept="image/*" onchange='AlertFilesize();'/>
            <img id="blah" src="<?php echo $row['news_image']; ?>" alt="your image" style="width:200px; height:140px;"/>

            <input type="submit" name="update" value="Update" />
        </form>

        <?php
    }

?>

<script src="js/jquery-1.12.4.min.js"></script>
<script src="js/bootstrap.min.js"></script>
<script type="text/javascript">
    function readURL(input) {
        if (input.files && input.files[0]) {
            var reader = new FileReader();

            reader.onload = function (e) {
                $('#blah').attr('src', e.target.result);
            }

            reader.readAsDataURL(input.files[0]);
        }
    }

    $("#image").change(function(){
        readURL(this);
    });
    </script>
</body>
</html>

Answer 1

Why are you adding slahes to your (temporary) filename?

your line 30:

$image= addslashes(file_get_contents($_FILES['image']['tmp_name']));

So to remove the error warning:

if(!empty($_FILES['image']['tmp_name']) 
     && file_exists($_FILES['image']['tmp_name'])) {
    $image= addslashes(file_get_contents($_FILES['image']['tmp_name']));
}

• There is a LOT of other things you can / should do with this code but I can't go over it in too much detail with you, but basically you should check that $_FILES['image']['error'] == 0 to ensure that code only runs if the file has been successfully uploaded.

• Replace

    if(isset($_FILES['image'])){
  

With an error check:

   if($_FILES['image']['error'] == 0){

Which will mean that only an OK uploaded file will then run the IF statement contents

• Stop adding slashes, it's not needed.

• Use prepared statements for your SQL queries.

• Move_uploaded_file should in a perfect world be given an absolute path rather than a relative path.

• Do you realise that you're file_get_contents is getting the data in a file, not a referece but the actual binary file data. This looks like it's not what you need to be doing at this stage. Your $image value isn't clearly used in the code you provide and as rightly pointed out by apokryfos, you're actually adding slashes to the retrieved filedata of the image. This is going to simply make your $image a garbled mess.

Answer 2

If others still have this issue. That fixed it for me. Change your php.ini file to

; Maximum allowed size for uploaded files.
upload_max_filesize = 40M

; Must be greater than or equal to upload_max_filesize
post_max_size = 40M

Explanation: The default setting for the php.ini file is

; Maximum allowed size for uploaded files.
upload_max_filesize = 2M

That's why you can't upload images larger than 2 MB. For Windows you can just search for php.ini in the search bar in the menu bar at the bottom. Then edit the properties with an editor.