[RESOLVED] Supplied argument not valid resource?

john1704

I'm making an upload script to insert into my MySQL database, but it keeps on giving me an error message. "Warning: fread(): supplied argument is not a valid stream resource in /home/john1704/public_html/photos/upload.php on line 29"

Here's the code I'm using:

<?php
include "db_connect.php";
$sql = 'SELECT * FROM `Member` LIMIT 0, 30 ';
		$result = mysql_query($sql);

	while ($row=mysql_fetch_array($result))
	{
		$username=$row["loginName"];

}
?>
<form method="post" enctype="multipart/form-data">
<table width="350" border="0" cellpadding="1" cellspacing="1" class="box">
<tr> 
<td width="246">
<input name="userfile" type="file" name="Picture">
</td>
<td width="80"><input name="submit" type="submit" class="box" id="upload" value=" Upload "></td>
</tr>
</table>
Now uploading: <?php echo $username; ?>
</form>


<?php
if ($submit) {
If($Picture != "none") { 
$PSize = filesize($Picture); 
$mysqlPicture = addslashes(fread(fopen($Picture, "r"), $PSize)); 
mysql_query("INSERT INTO photoalbum (loginName, Image) VALUES ('$username','$mysqlPicture')") or die("Can't Perform Query, $username"); 
} 
else { 
echo "You did not upload any picture"; 
} 
}
?>

bradgrafelman

When posting PHP code, please use the board's [PHP][/PHP] bbcode tags - they make the code much, much easier to read (as well as aiding the diagnosis of syntax errors). You should edit your post now and add these bbcode tags to help others in reading/analyzing your code.
It's easier to use [man]file_get_contents/man to read the contents of a file into a variable.
Where do you ever define $submit or $Picture ? If these variables work, you need to turn off register_globals in your php.ini file. This is a security risk and has long ago been deprecated. Instead, you should use the superglobal arrays (such as $_POST, in this case).
Take a look at this manual page: [man]features.file-upload[/man]. It shows you the different array indeces available when a file is uploaded. You want to use the temprary filename, as this is the path to the uploaded file on your server.
You should always use [man]mysql_real_escape_string/man instead of [man]addslashes/man when dealing with a MySQL database.
You never check to see that the picture was uploaded successfully. See this page for more information about the errors returned: [man]features.file-upload.errors[/man].
In your MySQL query, you have a loop that fills a variable called $username with the results from the query. Since you don't use this variable until outside of the loop, you only get the last value retrieved. What's the purpose of this?

john1704

Got it. The only reason I used the code tag was because HTML was in it.
I'll use file_get_contents instead, if you say so.
$submit is the variable for the submit button, it's telling that it the same page is loaded and posting something, the if ($submit) statement is used to perform that action. $Picture is the name of the file.
Too confusing. Funny thing is that I got this code to work before, but it was accidentally deleted by my hosting service (idiots).
I'll use that instead
I thought or die() would check it, but I'll add in more error functions.
Wait, so you can't use a variable more than once with a loop? I thought it could be used multiple times? I'll I'm trying to do is select a field and a certain row from a MySQL database, and using it as a variable.

See, this code worked before but I don't know how I did it, that's why I came here. Hopefully, I was trying to get someone to simply a fix a small error I made.

john1704

Oh, and if it helps, I'm using this tutorial.

laserlight

3. $submit is the variable for the submit button, it's telling that it the same page is loaded and posting something, the if ($submit) statement is used to perform that action. $Picture is the name of the file.

As bradgrafelman noted, such usage relies on register_globals being set to on in php.ini, and this leaves PHP scripts susceptible to variable poisoning. In this case, use $POST['submit'] and $FILES['Picture'] instead. This is how I might write it:

if (isset($_POST['submit'], $_FILES['Picture'])) {
    if ($_FILES['Picture']['error'] == UPLOAD_ERR_OK) {
        // Proceed with the uploaded file.
    } else {
        // Handle file upload error.
    }
}

7. Wait, so you can't use a variable more than once with a loop? I thought it could be used multiple times? I'll I'm trying to do is select a field and a certain row from a MySQL database, and using it as a variable.

Of course you can use a variable more than once in a loop. However, when the loop ends, the value of that variable would be what it was on the last iteration of the loop. Since you are assigning to $username on each iteration, all the iterations except the last one would have no net effect (other than to slow down your script).

bradgrafelman

john1704 wrote:
1. Got it. The only reason I used the code tag was because HTML was in it.

Quite alright - the syntax higherlighter can tell the difference

john1704 wrote:
this code worked before but I don't know how I did it

register_globals was probably on but is not anymore. That's why the first thing you should do is use the superglobals as laserlight showed above.

john1704

bradgrafelman wrote:
Quite alright - the syntax higherlighter can tell the difference
register_globals was probably on but is not anymore. That's why the first thing you should do is use the superglobals as laserlight showed above.

Oh, I know the problem. I switched hosting services, and the php.ini file might have been configured differently!

Should only inserting register_globals = On be alright in the php.ini file?

laserlight

Should only inserting register_globals = On be alright in the php.ini file?

Probably, but the better solution is to change your code.

bradgrafelman

john1704 wrote:
Should only inserting register_globals = On be alright in the php.ini file?

I'll go further than "probably" and say that this is actually a bad idea.

See this page: [man]register_globals[/man] for an introduction to the dangers of having this directive enabled. For more information, Google terms such as "php register globals exploit".