Good day i have a problem with my php and can't find a solution
<?php
$pid = $_REQUEST['pid'];
$rs = mysql_query("SELECT image from images where patient_id='$pid'") or die(mysql_error());
while($row = mysql_fetch_assoc($rs));
{
$imagebytes = $row['images'];
header("Content-type: image/jpg");
echo $imagebytes;
}
?>
i call this to another php by
echo '<img src="myimage.php?pid=51">';
but i keep getting an error
"Resource interpretted as image but transfferd as MIME type text/html" i been stuck for a while now
Try this:
<?php
if( headers_sent() ) { die('headers already sent by something else'); }
else { header("Content-type: image/jpg"); }
$pid = intval($_REQUEST['pid']);
$rs = mysql_query("SELECT image from images where patient_id=$pid LIMIT 1") or die(mysql_error());
if($row = mysql_fetch_assoc($rs)) {
echo $row['image'];
}
exit;
It does the most basic of input validation so you don't get SQL injected, checks if something has already sent headers, and removes the inexplicable loop from your code.
Also, the likely reason it was dying is that you have SELECT image FROM images, but the field you were trying to access was $row['images'] which doesn't exist. That was likely printing an error message, causing the default text/html headers to be sent before your try to set the image/jpeg header.
Also, why was $pid in quotes in your query? Is it a string? Please tell me you're not storing integers as strings.
Related
I have a download button and when i click on it, instead of saving to disk it opens it in the browser. I tried a bunch of attempts to make it open in the browser but it doesnt seem to do anything
<?php
// make a connection to the database
require_once("connection/connection.php");
//retrieve the ID from the url to fetch the specific details
if ($_GET['id'] != ""){
$item_id = $_GET['id'];
$bad_id = FALSE;
}
else{
$item_id = "";
$bad_id = TRUE;
}
//select the specific item from the database
// run if statement to ensure valid id was passed
if (is_numeric ($_GET['id'])){
$query = "SELECT name FROM repository WHERE item_id = '$item_id'";
$result = mysql_query($query) or die(mysql_error());
// assign the values to an array
$row = mysql_fetch_assoc($result);
//assign the values from the array to variables
$name = $row['name'];
}
// define path to the xml file
$file = "xml/".$hud_name . "_cfg.xml";
// check to make sure the file exists
if(!file_exists($file)){
die('Error: File not found.');
} else{
// Set headers
header("Content-Type: application/xml");
header("Content-Disposition:attachment; filename=".basename($file)."");
readfile($file);
}
?>
That is download.php and it obviously finds the file because it doesnt give the error about it not existing. It also echos back the correct file path
Then on another page i have:
<img src="images/download.png" alt=""/>
Any ideas whats wrong?
Well the solution turned out to be simple in the end but i didnt see any documentation saying the header must be the very first line. If i placed:
header("Content-Type: application/xml");
as the first line and then the coding below it and the other header info at the end it works. Im not sure if that's the solution or a workaround but it fixed it for me
I have read every tutorial I can find on this topic, but none of them helped fix my issue. I don't know why, but my code is just giving me an html file whenever I click on the download button, instead of downloading an image file.
HTML:
Download Now
PHP:
<?php
$id= $_GET['id'];
$con= mysqli_connect("localhost","root","","dbname");
if (mysqli_connect_errno($con))
{
echo "<script type=\"text/javascript\">alert('Failed To connect to MySQL: "+"mysqli_connect_error();"+"');</script>";
}
else
{
$sql = "SELECT * FROM users_files WHERE file_id = ".$id;
$result = mysql_query($sql);
$row_cnt = mysqli_num_rows($result);
echo "<script type=\"text/javascript\">alert('".$row_cnt."');</script>";
if(!$result || !mysql_num_rows($result)){
echo "<script type=\"text/javascript\">alert('Invalid file chosen.');</script>";
//echo '<script language="javascript" type="text/javascript" >';
//echo ' window.location.assign("ViewMyFiles.php");';
//echo '</script>';
mysqli_close($con);
}
$curr_file = mysql_fetch_assoc($result);
$size = $curr_file['file_size'];
$type = $curr_file['file_type'];
$name = $curr_file['file_name'];
$content = $curr_file['file_content'];
header("Content-length: ".$size."");
header("Content-type: ".$type."");
header('Content-Disposition: attachment; filename="'.$name.'"');
readfile($content);
$_SESSION['email']=$nemail;
mysqli_close($con);
}
?>
I named the above PHP file getfile.php and I'm getting on download result as getfile.htm.
Debug!
Comment out the headers and see, what really gets to the client. Then comment them in and check in browser dev console (header + response).
You're also vulnerable to SQL injections.
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
Headers already sent by PHP
I am getting the following error from the following code, and I am not entirely sure why. If you could tell me how to fix it, that would be great. Thanks in advanced.
Warning: Cannot modify header information - headers already sent by (output started at...) on line 45.
<?php
// Initialization
$conn = mysql_connect(DB_HOST,DB_USER,DB_PASSWORD);
mysql_select_db(DB_NAME, $conn);
// Error checking
if(!$conn) {
die('Could not connect ' . mysql_error());
}
// Localize the GET variables
$ref = isset($_GET['ref']) ? $_GET['ref'] : "";
// Protect against sql injections
// Insert the score
$retval = mysql_query("INSERT INTO $table(
site
) VALUES (
'$ref'
)",$conn);
if($retval) {
echo "Successfull";
} else {
echo "Unsuccessfull " . mysql_error();
}
mysql_close($conn);
?>
<?php
$url = $_GET['url'];
$loc = 'Location: '. $url;
header($loc);
exit;
?>
Take out the echo calls, you can't send information to the browser before the headers.
You can try something like this to still show if an error happens:
if(!$retval) {
echo "Unsuccessfull " . mysql_error();
}
If you change the headers you cannot output any text prior to to the header command otherwise the headers will already be sent.
ie.
if($retval) {
echo "Successfull";
} else {
echo "Unsuccessfull " . mysql_error();
}
Is outputting text before you change the headers.
Use Output Buffers: http://php.net/manual/en/function.ob-start.php
ob_start();
at the start and
ob_end_flush();
at the end.
What I generally recommend for situations like this, is save all output to the end, as gmadd mentioned, you can do the ob_start, but I prefer to store the data in a string without having to add the extra code (I know you can also designate this in the .htaccess file, I would go that route over adding the actual ob_start items).
What I would do:
$display = ""; // initiate the display string
// etc doe here
if($retval) {
$display .= "Successfull";
} else {
$display .= "Unsuccessfull " . mysql_error();
}
// end of the script right before ?>
echo $display;
?>
The ob_start method works and if you want to go that route, you can add this in the .htaccess file (given that allowoverride is set in your apache setup):
php_value output_buffering On
Again I still recommend the $display storage method, but that is my personal opinion.
Use:
<meta http-equiv="Refresh" content="0;url=http://www.example.com" />
I have built somekinda image-api-key for my website but it doesn't seem to work. I get an blank page, returning nothing! Whats wrong? Greetings.
if(isset($_GET['key']) && !empty($_GET['key'])){
$query = " SELECT
*
FROM
table
WHERE
apikey = '". mysql_real_escape_string($_GET['key']) ."'
";
$mysqlquery = mysql_query($query);
if($mysqlquery){
if(mysql_num_rows($mysqlquery) > 0){
if(isset($_GET['type']) && isset($_GET['image'])){
if($_GET['type'] == "gif"){
if($_GET['image'] == "1"){
header('Content-type: image/gif');
echo file_get_contents('path/to/image/1.gif');
}
elseif($_GET['image'] == "2"){
header('Content-type: image/gif');
echo file_get_contents('path/to/image/2.gif');
}
elseif($_GET['image'] == "3"){
header('Content-type: image/gif');
echo file_get_contents('path/to/image/3.gif');
}
elseif($_GET['image'] == "4"){
header('Content-type: image/gif');
echo file_get_contents('path/to/image/4.gif');
}
elseif($_GET['image'] == "5"){
header('Content-type: image/gif');
echo file_get_contents('path/to/image/5.gif');
}
else
{
die('Could not load image');
}
}
else
{
die('Could not load image');
}
}
else
{
die('Could not load image');
}
}
else
{
die('Api key was not correct');
}
}
else
{
die('Mysql query failed');
}
}
else
{
die('No api key was set');
}
You need to check your error logs/ensure you have logging turned on as it sounds very much like PHP is throwing an error. (N.B.: If this is a production environment, be sure to turn logging back off afterwards.)
At a guess if could be one of the paths that's incorrect or you've already output some data prior to attempting to set a header, but the error logs should make it pretty obvious what the problem is.
If PHP is throwing certain kinds of errors such as syntax errors it will output an error message and terminate without any other output. However, if display_errors is turned off in php.ini then not even the error message will be output and you'll just get a blank screen.
Alternatively, if you're trying to send a file that doesn't exist after you've sent the image/gif header then this could also result in a blank page. Look at the headers that got sent back. If you got an image/gif content type header back then the code is reaching a point where it's trying to send an image. The fact you don't actually get an image would suggest that there's no image file to send.
I've written a method to set a header() to the appropriate file type of an upload stored in a database and then I would like to echo() the file.
The method is as follows inside a controller:
function view_upload( $id = 0 ) {
$id = $this->db->escape( $id );
$query = $this->db->query( "SELECT file_type FROM media WHERE id = $id" )->row();
$query2 = $this->db->query( "SELECT file FROM media WHERE id = $id" )->row();
header("Content-type: ".$query->file_type);
//die( "moo" );
echo( $query2->file );
}
Strangely as soon as I set the header() the rest of the method seems to be ignored, for example, if I uncomment the die() statement it doesn't die and it doesn't echo the image. If I remove the header() call I see the raw upload blob presented to the screen..
Is this something to do with CodeIgniter or have I made a PHP mistake?
EDIT:
I've changed the function and put it in a separate file outside of CodeIgniter but if I browse to it and pass in an $id it still doesn't display the image...
<?php
// just so we know it is broken
error_reporting(E_ALL);
// some basic sanity checks
if(isset($_GET['id']) && is_numeric($_GET['id'])) {
//connect to the db
$link = mysql_connect("localhost", "user", "pass") or die("Could not connect: " . mysql_error());
// select our database
mysql_select_db("database") or die(mysql_error());
$id = $_GET['id'];
// get the file from the db
$sql = "SELECT file FROM media WHERE id=$id";
// the result of the query
$result = mysql_query("$sql") or die("Invalid query: " . mysql_error());
// get the file_type from the db
$sql = "SELECT file_type FROM media WHERE id=$id";
// the result of the query
$result2 = mysql_query("$sql") or die("Invalid query: " . mysql_error());
// set the header for the image
//ob_clean();
//die( mysql_result($result, 0) );
//header('Content-type:'.mysql_result($result2, 0));
header('Content-type: image/png');
//ob_clean();
echo mysql_result($result, 0);
// close the db link
mysql_close($link);
}
else {
echo 'Please use a real id number';
}
?>
die() on the two $result produces what I would expect but it's not displaying the page in the browser. Again if I add ob_clean() it says:
ob_clean() [<a href='ref.outcontrol'>ref.outcontrol</a>]: failed to delete buffer. No buffer to delete.
I've copied the code from here: http://www.phpriot.com/articles/images-in-mysql/8 if that helps at all..
It turns out that the image in the database was corrupt, and hence not displaying, because I had added addslashes() to the file contents (not really sure why, seem to remember reading it was useful in combating XSS vulnerabilities).
Removing that meant I had non-corrupt images stored and then they displayed okay.
First You need to start ob_start() just before on_clean() then you need to write like header().
Here is the follow.
ob_start();
ob_clean();
header ("Content-type: image/png");
?>
Try this let me know is this working or not hopefully it will help you.