Fetching images from the server for a social media post - php

I am building a basic social media site for a university project and I am at the stage of displaying posts. Currently the posts display using a foreach which creates a series of div tags containing the information about each post from the db. I am now looking to add the images uploaded with these posts onto the page but I am not sure how to go about fetching them.
When the images are uploaded they are placed in a folder in the server called postImages, and are renamed to fit this format:
postID + image number
where image number is determined by how many images the user uploads, starting at 0.
My initial idea was to use scandir() to list all posts and explode their names to fetch the ID but this is much more complex than it had to be as there is another table in the DB called postImages which contains an ID for each post as well as the postID of the post it belongs to, so fetching which images are needed is no problem. However, I am not sure how to go from having the required IDs to actually fetching the image from the folder.
The current code for building the posts:
include 'config.php';
$postsSQL = "SELECT * FROM Post ORDER BY postTime DESC" ;
$result = mysqli_query($connection, $postsSQL);
foreach ($result as $row) {
echo "<div class = 'postContainer' id =".$row['postID'].">";
echo "<div id = 'postTitle' class = 'postTitle'>". "Post Title: ".$row['postTitle']. "</div>";
echo "<div id = 'postDesc' class = 'postDesc'>" . "Post Description: ".$row['postDescription']. "</div>";
echo "<div id = 'postLocation' class = 'postLocation'>" . "Post Location: ".$row['postLocation']. "</div>";
echo "<div id = 'postTime' class = 'postTime'>" . "Posted at: ".$row['postTime']. "</div>";
echo "<div id = 'UserID' class = 'userID'>".$row['UserID']. "</div>";
echo "</div>";
echo "<br>";
}
Thanks for taking a look, and sorry in advance if I've missed any details or this is a simple question.

Serve those images to users as static objects, not directly from PHP.
The first thing you do is make sure your images can be viewed in browsers. In other words, you should be able to use a URL something like
https://oddity.example.edu/uploads/postImages/72_0.png
You need to make that /uploads folder (or whatever you name it) visible to your system's web server.
Next, store the "slug" -- the partial URL -- for your image in your database. For the example above you might store 72_0.png.
Then, when writing out the HTML for your post page, include a tag like this:
<img src="https://oddity.example.edu/uploads/postImages/72_0.png" />
and the browser will retrieve and show the image.
You might be able to use PHP code like this to do that.
$imageRoot = 'https://oddity.example.edu/uploads/postImages/';
...
$imageurl = $imageRoot . $row['imageslug'];
// Escape the URL before placing it in the attribute
echo '<img class="image" src="' . htmlspecialchars($imageurl, ENT_QUOTES) . '" />';
Finally, people who store uploaded images for later viewing often use random hard-to-guess filenames for them to slow down web-scraping cybercreeps. That means assigning random file names upon uploads rather than using the naming scheme you mentioned.
Pro tip: avoid mixed-case table, column, and object names. Various file systems (including Windows's NTFS) do various different things with case-sensitivity, and you don't want to see your stuff stop working if you put it on a new server.
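An added example (not part of the original answer) of the upload and display steps described above: each upload gets a random file name, the slug is stored in the database, and the img tags are built from the stored slugs. The PDO handle, the single-file $_FILES entry, the imageslug column on postImages and the upload directory are assumptions.

```php
<?php
// Added example, not code from the answer. Assumed names: the upload
// directory, the imageslug column and the PDO connection passed in.
const UPLOAD_DIR = '/var/www/uploads/postImages/';                    // served statically by the web server
const IMAGE_ROOT = 'https://oddity.example.edu/uploads/postImages/';  // URL prefix used in the answer

// Accepted MIME types mapped to the extension we choose ourselves.
const ALLOWED_TYPES = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];

/** Store one uploaded file (one $_FILES entry) under a random name; return the slug. */
function storeUploadedImage(array $file, int $postId, PDO $pdo): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    // Detect the type from the file content, never from the client-supplied name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = is_string($mime) ? (ALLOWED_TYPES[$mime] ?? null) : null;
    if ($ext === null) {
        throw new RuntimeException('Not an accepted image type');
    }
    // 16 random bytes give 32 hex characters that cannot be derived from the post ID.
    $slug = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . $slug)) {
        throw new RuntimeException('Could not store the file');
    }
    $stmt = $pdo->prepare('INSERT INTO postImages (postID, imageslug) VALUES (?, ?)');
    $stmt->execute([$postId, $slug]);
    return $slug;
}

/** Build the <img> tags for one post from the slugs stored in the database. */
function renderPostImages(PDO $pdo, int $postId): string
{
    $stmt = $pdo->prepare('SELECT imageslug FROM postImages WHERE postID = ?');
    $stmt->execute([$postId]);
    $html = '';
    foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $slug) {
        $url = IMAGE_ROOT . rawurlencode($slug);
        $html .= '<img class="image" src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" />';
    }
    return $html;
}
```

Inside the existing foreach over posts, the output of renderPostImages() for the current postID can be echoed into the post's container div.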

Related

How to read a blob in Base64 using PHP and MySQL?

I am a newb with 6 months experience, self-taught via StackEx/books/etc. Created a pretty decent website with login/register and storing some info via mySQL. I have been through every single BLOB post here and I have some decent output.
I think I, like most newbs, know enough to be dangerous, don't have the greatest foundation laid out so when it gets to serious understanding of built-in functions, arrays and passing arguments we can lose the flow and I basically think I have dug a hole by using includes to call some navbar so that I can't just use a header to output the damn image as I echo the user name after login so it has already outputted lines and it will be a monster to undo. Three levels of nav, unauthenticated, authenticated and admin.
The database connection and write to/read from is OK. I can store the BLOB and I can even read it back and store the array in a variable and then debug see the binary but I can't get it to display on an HTML page.
Here is the fun:
<?php
$stmt = $dbc2->query("SELECT * FROM equip1");
while ($row = $stmt->fetch(PDO::FETCH_ASSOC))
{
$name = $row['equipname1'];
$desc = $row['equipdesc1'];
$img = $row['equipimg1'];
}
?>
<div class="col-lg-12">
<h1><?php echo $name ?></h1>
<p><?php echo $desc ?></p>
<pre>
<?php print_r($img); ?>
</pre>
<?php echo "<img src='data:image/jpeg;base64," . base64_encode( $img ) . "' />"; ?>
</div>
$dbc2 connects
equip1 table is two simple varchar cols, one BLOB col.
$name and $desc echo out ok, the $img displays broken link.
I check the array via pre code and is matching, per what is stored in dB during upload.
From what I have read and gone through, seems like you can't do this at same time unless via data URI which I have done but still broken link. Not making sense to me at all. I try the header and of course output already started but I can see also outputs the binary.
Here is screenshot of the URI method:
Since both methods "seem" to get into and out of the dB but do not display I'm going round in circles. Please help me out to display the image on an html page. I would like to echo it anywhere and then I can just style the page after that. Thanks!
Try it like this:
<?php echo '<img src="data:image/png;base64,'.base64_encode($img).'">';?>
Uhh NEVER MIND. Never thought reading someone's answer would make for "fresheyes". I noticed I was encoding but I already encoded it when I stored it. Mea culpa. DOH! :)

Changes to PHP script aren't executed

I'm building a website with a very basic blog-like "News" functionality. Basically, you enter the title, author, author's picture, date, and message of the news update on a password-protected form, and then the magic of PHP grabs that stuff and sticks it in a MySQL database. Then, using more PHP, these little articles are dynamically loaded on a "News" page. The script that uploads the data to the MySQL database works fine. So does the script that displays the news on the webpage. Here's the problem: if I edit the "display" PHP script and upload the edited script onto the hosting server, those edits aren't reflected in the website. Here's my code:
<?php
include('dbconnect.php'); //connects to database
//select the table
$result = mysql_query("select * from newscms order by id desc limit 5");
//grab all the content from the table
while($r = mysql_fetch_array($result))
{
$id = $r['id'];
$title = $r['title'];
$date = $r['date'];
$user = $r['user'];
$icon = $r['icon'];
$message = $r['message'];
//displays the rows
echo "<img src='$icon' align='left'/><strong>$title</strong> <br/>
Posted on $date
Posted by: <strong>$user</strong><br />
$message <br />";
}
?>
Now if I changed the "echo" function to instead show something like:
echo "<img src='$icon' align='right' width='12' height='24'/><em>$title</em> <br/>
Posted on $date
Posted by: <strong>$user</strong><br />
$message <br /> I like turtles";
(Notice I have changed the alignment and size of the icon, changed <strong> to <em> for the title, and added the text "I like turtles" to the end)
with all these changes, absolutely nothing changes on the webpage!
Why? It's driving me insane! Is there some flaw in my script I can't see? Is it a server-side problem that I should contact my web host about? (And before you ask, yes, I cleared my browser cache.) Help please!
Step 1: create a new folder on your desktop with any name, then download the updated file from your FTP folder to your local folder. Then open the file you downloaded and see if the changes you made really exist. From there you might be able to trace what might be the cause of the problem. Also, if I were you I would have deleted that file on the FTP server and uploaded the current one, so that I can be sure.
So.
It was a pathname problem. Sort of.
At first, I was implementing the display functionality by using a PHP include function to include a "display.php" file. Then, for reasons now forgotten, I commented out that function and instead copy-pasted the contents of the display.php file into the webpage file. Of course, I forgot that I did that, and have been editing the display.php file. Solution: stop being an idiot, uncomment that include, and delete the rest. All fixed. Thank you to everyone who tried to help.

How to encrypt product ID in URL

I have a database with just over 800 data.
product table
pid name p_page
1 money money.php
2 gold gold.php
3 .
. .
. .
800 .
I have 2 pages...
product_item.php
<div class="button">
View
</div>
When you click View, the product info is passed to product.php.
In here I have
if (isset($_GET['pid'])) {
depending on what product the user clicked on the URL might look like something below but the 44 will change to whatever id
http://www.example.x10.mx/money.php?pid=44
The problem with this is that money.php has a different layout from the other pages, and if I change 44 to 68, the product info will show on the page but the layout will not look good.
My question
what is the best way for me to stop users from being able to change the url.
I want to encrypt all my pid in the url so it will look something like
http://www.example.x10.mx//money.php?sel=the product name here or 4 letters or anything
I just want to take away pid from the url.
Please help me. If you don't understand my question, please ask in the comments and try to say what you think you understand.
Edited to show my fetch function
$php = "php/";
$apages = "account/";
$bpages = "booking/";
$gpages = "general/";
$ppages = "product/";
// Global functions
function fetchdir($dir)
{
$protocol = $GLOBALS['protocol'];
$host = $GLOBALS['host'];
($dir == $GLOBALS['apages'] || $dir == $GLOBALS['bpages'] || $dir == $GLOBALS['ppages'] || $dir == $GLOBALS['gpages'] ? $branch = $GLOBALS['pagebranch'] : $branch = $GLOBALS['branch']);
echo $protocol.$host.$branch.$dir;
}
Thanks
P.S. I don't know if this can be done in .htaccess, but I think it can be done in PHP.
Some clarification:
I have a url which looks like this
www.example.com/account/product.php?pid=1
The problem with this is that someone can change 1 to any number, and if there is a pid in the database with that number it will get the item's information and display it on the page. I don't want that to happen, because not all products are meant to be displayed on some pages.
In the page in which I show all my available products, I simply use a SELECT statement and then echo what I need in some div.
In that page I have a view button.
<?php
$stmt = $conn->prepare("SELECT * FROM Product WHERE Type = 'shoes'");
$stmt->execute();
$i = 0;
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
foreach ($rows as $row) {
$id = $row['pid'];
$product_page = $row['dir_page'];
?>
<div class="button">
<a href="<?php fetchdir($apages) ?><?php echo $product_page ?>?ProdID=<?php echo $id ?>">View</a>
</div>
<?php
}
?>
Depending on the page that information is getting sent to when you click on view I use Get method
<?php
if (isset($_GET['pid'])) {
// Connect to the MySQL database
dbconnect();
$id = preg_replace('#[^0-9]#i', '', $_GET['pid']);
}
If you notice, in my SELECT statement I used Type to show only the products whose type is shoes. I have other types as well, which have their own pages. Now the problem is that if I change the pid to any page that doesn't have a type of shoes, or if I am on one of the other pages and enter a pid whose type is shoes or anything, the information from that page will still render. I don't want that to happen.
My question
How can I stop users from changing that pid, so that even if they change it, they will still be on the same page?
The problem isn't having the PID in the URL, it is having the template name in the URL.
Store the template name in the database (you are doing this already), and use that to determine what HTML to wrap the data in instead of putting it (money.php) in the URL.
Move your templates out of the web root (they shouldn't be hit by users directly), have a single index.php and then include() the template based on the data in the database.
You cannot prevent someone from changing the URL or from requesting arbitrary URLs. Your server (i.e. your app) has to decide how to respond to an invalid request. If you don't want to display certain things publicly, flag them as such in your database, test for that flag and simply refuse to output anything if that flag is hit.
Make the server respond negatively if something doesn't fit your conditions; don't expect the user to behave correctly.
Assuming that PID is an autoincrement value, you can still obfuscate it. Add another column in the table that contains a randomly-generated key (using uniqid or some derivative). Then use that key in your URL. You'll get something like: www.example.com/account/product.php?pid=II8GypI6H93Ij. This doesn't guarantee that someone won't find it, but it's good enough in most instances.
Check for allowance in the Database
Depending on your level of programming skills, in the database you could add a field or a relational table that relates the ID of the pages to allowed page templates (I'm guessing you're talking about templates.)
Then in the code you can make it so the page checks this database to see if the page contents are allowed to show. Something like:
$query1 = "SELECT * FROM Product WHERE Type = 'shoes' and allowedTemplate='1'";
This way you won't have to hardcode everything into the code itself. On the backend (if there is a CMS) then you could have checkboxes indicating the relationships to the templates and prefill them by default.
You'll need to make the site do something with that stuff though.
Your other option
You could use clean urls (which used to be better for SEO) to show real words instead of the IDs. Then you can use .htaccess tricks to convert the URIs to their ID counterparts with a dynamic RewriteMap.
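An added example, not code from the question or any of the answers, of enforcing this on the server: the URL carries only a random key, and the row found in the database decides which template is included, with a 404 for anything else. It uses random_bytes() for the key rather than uniqid(); the public_key column, the key query parameter and the template directory are assumptions.

```php
<?php
// Added example, not code from the question or answers. Assumed names: the
// public_key column, the "key" query parameter and the template directory.

/** One-time backfill: give every product a random, unguessable URL key. */
function assignPublicKeys(PDO $conn): void
{
    $ids = $conn->query('SELECT pid FROM Product WHERE public_key IS NULL')
                ->fetchAll(PDO::FETCH_COLUMN);
    $update = $conn->prepare('UPDATE Product SET public_key = ? WHERE pid = ?');
    foreach ($ids as $pid) {
        // random_bytes() is a CSPRNG; uniqid() is time-based and predictable.
        $update->execute([bin2hex(random_bytes(12)), $pid]);
    }
}

/** Look a product up by its key; null unless the key is well-formed and known. */
function findProduct(PDO $conn, string $key): ?array
{
    if (!preg_match('/\A[0-9a-f]{24}\z/', $key)) {
        return null;
    }
    $stmt = $conn->prepare('SELECT name, Type, dir_page FROM Product WHERE public_key = ?');
    $stmt->execute([$key]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** index.php: the template is decided by the database row, never by the URL. */
function handleRequest(PDO $conn, array $query, string $templateDir): void
{
    $product = isset($query['key']) && is_string($query['key'])
        ? findProduct($conn, $query['key'])
        : null;
    // basename() keeps a bad dir_page value from escaping the template directory.
    $template = $product ? $templateDir . '/' . basename($product['dir_page']) : null;
    if ($template === null || !is_file($template)) {
        http_response_code(404);
        echo 'Product not found';
        return;
    }
    include $template;   // the template reads $product and escapes it on output
}

// In index.php, with the templates stored outside the web root:
// handleRequest($conn, $_GET, __DIR__ . '/../templates');
```

Changing the key in the URL now either selects another valid product together with its own template, or produces a 404; it can no longer pair one product's data with another product's layout.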

Dynamically generating page links for a CMS

I've searched far and wide and every CMS tutorial out there either doesn't explain this at all or gives you a huge chunk of code without explaining how it works. Even on stack overflow I can't find anything close to the answer, though I'd be okay with eating my words if someone could point me to the answer.
I am using PHP and mysql for this project.
I am building a CMS. It's extremely simple and I understand every concept I think I'll need except how to dynamically generate pages and page links. The way I want to do it is by having a database table that stores the name of a page and the main content of the page. That's all. Then I'd just call a script to pull the main content of a page into whatever page I happen to call. No big deal, right? Wrong.
Here's the problem. If I were to do this then I'd have to create a file for every page I want to create that calls the script that pulls the content from the correct database row. So I could add all sorts of page names and contents into the table but I don't know how to call them without manually creating new files each time I want to link to a new page.
Ideally there'd be a script that creates links to pages based on the page name row of the DB table as the pages are created. But how do you get those links with the ?=pageName at the end? If I just knew how that worked then I could figure the rest out.
UPDATE
The second answer really confirmed everything I thought I had to do but there is one catch. My plan now is to split up all the code into a series of functions and either include or require them in different templates that will be used to format the way pages are displayed. I need one look for the home page and one other design for the rest of the pages. I'm thinking that I'll have a function that says if ID is 0 then call this page template.php else call this other template file.php. But how do I pass the required variables to these new files? Do I just include the index.PHP page in them?
Bill, you're actually on the right track. Almost all web software today does extensive URL processing. Traditionally you would have PHP pages on your web root and then utilize the query string in the URL to refine the page's output. You have already arrived at why this might not be desired. So the popular alternative is the Front Controller design pattern. Basically we funnel every request to your index.php page and then route the request to internal pages or apps outside the web root. This can get complicated fast and everybody seems to implement this pattern in unique ways.
We can utilize this pattern without the routing by simply putting our app in the index page. The script below shows an example of what you're trying to do in the simplest of ways. We basically have one page with our script. We can request the virtual pages by changing the id query string in our URL. For example www.demo.net/?id=0 can be utilized as an index to your site. This should be the same as www.demo.net without the 'id' query. Just keep solving those problems one by one even if you don't know what the problem is. Once you start looking at other people's code, then you can start seeing how other people solved the same problems you have.
The solution below will get you started, but then what do you do when you want an admin page? How do you authenticate the user? Do you duplicate a lot of the code for yet another page? If you're serious about your CMS then you're going to want to implement some kind of framework underneath it. A framework to process the URL, route to your application, load configuration files, and probably manage your database connection. Yea it gets complicated, but not if you solve each problem one at a time. Utilize classes or functions to share code to start. At the very least include a common "bootstrap" file at the top of your page to initialize common functionality such as a database connection. Read Stack Overflow just to keep up with what's going on. You can learn a lot of terminology and probably find some answers to questions you didn't even know you wanted to ask.
Below assume we have a table with the following fields:
page_id
page_name
page_title
page_body
<?php
//<--------Move outside of web root-------------->
define('DB_HOST', 'localhost');
define('DB_USER', 'cms');
define('DB_PASS', 'changeme');
define('DB_DB', 'cms');
define('DB_TABLE', 'cms_pages');
//<---------------------------------------------->
//Display errors for development testing
ini_set('display_errors','On');
//Get the requested page id
if(isset($_GET['id']))
{
$id = $_GET['id'];
}
else
{
//Make page id '0' an index page to catch all
$id = 0;
}
//Establish a connection to MySQL and select the database we will be querying
//(mysqli is used because the mysql_* functions were removed in PHP 7)
$conn = mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_DB) or die(mysqli_connect_error());
//Lets just grab the whole table
$sql = "SELECT * FROM ".DB_TABLE;
$resultset = mysqli_query($conn, $sql) or die(mysqli_error($conn));
//The Select Query succeeded, but returned 0 result.
if (mysqli_num_rows($resultset)==0)
{
echo "<pre>Add some Pages to my CMS</pre>";
exit;
}
//This is our target array we need to fill with arrays of pages
$result = array();
//Convert result into an array of associative arrays
while($row = mysqli_fetch_assoc($resultset))
{
$result[] = $row;
}
//We now have all the information needed to build our app
//Page name - Short name for buttons, etc.
$name = "";
//Page title - The page content title
$title = "";
//Page body - The content you have stored in a table
$body = "";
//Page navigation - Array of formatted links
$nav = array();
//Process all pages in one pass
foreach($result as $row)
{
//Logic to match the requested page id
if($row['page_id'] == $id)
{
//Requested Page
$name = $row['page_name'];
$title = $row['page_title'];
$body = $row['page_body'];
$page = "<b>$name</b>";
}
else
{
//Not the requested page
$page = $row['page_name'];
}
//Build the navigation array preformatted with list items
$url = "./?id=" . $row['page_id'];
$nav[] = "<li><a href=\"$url\">$page</a></li>";
}
?>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>SimpleCMS | <?php echo $title; ?></title>
</head>
<body>
<div>
<div id="navigation" style="float:left;">
<ul>
<?php
foreach($nav as $item)
{
echo $item;
}
?>
</ul>
</div>
<div id="content"><?php echo $body;?></div>
</div>
</body>
</html>
I think you need to read about $_GET.
I also recommend a decent PHP book. Forget online tutorials; they are (for the most part) utterly useless.

Fetch database information on a new page without using new documents

I'm working on a page where I've listed some entries from a database. Although, because the width of the page is too small to fit more on it (I'm one of those people that wants it to look good on all resolutions), I'm basically only going to be able to fit one row of text on the main page.
So, I've thought of one simple idea - which is to link these database entries to a new page which would contain the information about an entry. The problem is that I actually don't know how to go about doing this. What I can't figure out is how I use the PHP code to link to a new page without using any new documents, but rather just gets information from the database onto a new page. This is probably really basic stuff, but I really can't figure this out. And my explanation was probably a bit complicated.
Here is an example of what I basically want to accomplish:
http://vgmdb.net/db/collection.php?do=browse&ltr=A&field=&perpage=30
They are not using new documents for every user, they are taking it from the database. Which is exactly what I want to do. Again, this is probably a really simple process, but I'm so new to SQL and PHP coding, so go easy on me, heh.
Thanks!
<?php
// SELECT_QUERY below stands for the result of the query described in the comments
// if it is a user page requested
if (isset($_GET['page']) && $_GET['page'] == 'user') {
if (isset($_GET['id']) && is_numeric($_GET['id'])) {
// db call to display user WHERE id = $_GET['id']
$t = mysqli_fetch_assoc( SELECT_QUERY );
// escape database values before writing them into the page
echo '<h1>' . htmlspecialchars($t['title']) . '</h1>';
echo '<p>' . htmlspecialchars($t['text']) . '</p>';
} else {
echo "There isn't such a user";
}
}
// normal page logic goes here
else {
// list entries with links to them
while ($t = mysqli_fetch_assoc( SELECT_QUERY )) {
echo '<a href="/index.php?page=user&id='. (int) $t['id'] .'">';
echo htmlspecialchars($t['title']) . '</a><br />';
}
}
?>
And your links should look like: /index.php?page=user&id=56
Note: You can place your whole user page logic into a new file, like user.php, and include it from the index.php, if it turns out that it is a user page request.
Nisto, it sounds like you have some PHP output issues to contend with first. But the link you included had some code in addition to just a query that allows it to be sorted alphabetically, etc.
This could help you accomplish that task:
www.datatables.net
In a nutshell, you use PHP to dynamically build a table in proper table format. Then you apply datatables via jQuery which will automatically style, sort, filter, and order the table according to the instructions you give it. That's how they get so much data into the screen and page it without reloading the page.
Good luck.
Are you referring to creating pagination links? E.g.:
If so, then try Pagination - what it is and how to do it for a good walkthrough of how to paginate database table rows using PHP.
