Hi all,
This one's been puzzling me for a bit; hope folks can offer some suggestions!
I'm uploading some video details and a thumbnail image to a database using prepared statements. When I do the upload, everything appears to work perfectly -- no SQLi errors or anything -- yet, when I look at the database, I notice that my image_contents field (which is a BLOB) reads [BLOB - 0], which suggests that it's empty.
On a hunch, I print_r'd both the $_POST and $_FILES arrays, as well as file_get_contents($_FILES['thumbnail_file']['tmp_name']). All fields are filled properly, and the file_get_contents() returns crazy-looking characters, which I assume means that it works as well. So, I'm a bit stumped. Here's the code I'm using:
function add_new_video() {
$image = $_FILES['thumbnail_file']['tmp_name']; // pass this file name to getimagesize() to determine the mime-type
$size_array = getimagesize($image);
$thumbnail_mimetype = $size_array['mime'];
$thumbnail_contents = file_get_contents($image);
$thumbnail_filesize = $size_array[3];
$thumbnail_filename = $_FILES['thumbnail_file']['name'];
$title = $_POST['title'];
$summary = $_POST['summary'];
// Checkbox...
if(!empty($_POST['demo_reel'])) {
$demo_reel = $_POST['demo_reel'];
}
else {
$demo_reel = 0;
}
$query = "INSERT INTO videos (title, summary, thumbnail_filename, thumbnail_filesize, thumbnail_mimetype, thumbnail_contents, demo_reel) VALUES(?, ?, ?, ?, ?, ?, ?)";
if($stmt = $this->conn->prepare($query)) {
$stmt->bind_param('sssssbi', $title, $summary, $thumbnail_filename, $thumbnail_filesize, $thumbnail_mimetype, $thumbnail_contents, $demo_reel);
$stmt->execute();
if($stmt->affected_rows == 1) {
return true;
}
else {
return false;
}
}
}
Thanks for reading, and any advice is greatly appreciated!