I'm trying to make a database that uploads the pictures and shows them, sorta like a gallery. It uploads them but the problem is where the pictures should be it gives me this strange symbol ( sorry can't post it because I'm new :| ) and I can't tell if this means it just refuses to show them, or something went wrong. Help?
<?php
mysql_connect("localhost") or die(mysql_error());
mysql_select_db("images") or die(mysql_error());
$id=addslashes($_REQUEST['id']);
$image=mysql_query("SELECT * FROM dadsda WHERE id=$id");
$image=mysql_fetch_assoc($image);
$image=$image['image'];
header("Content-type: image/jpeg");
print($image);
?>
At no point in that code is the image actually output.
If image is a BLOB field in the database, you'd need to do print $image; after the header() call. If it's a filename/path, you'd need to use readfile() to output the contents of that file.
Also, this code is vulnerable to SQL injection. If I go to script.php?id=1%3B+DROP+TABLE+dadsda%3B it'll delete your database table because I just made your code execute the SQL query SELECT * FROM dadsda WHERE id=1; DROP TABLE dadsa;.
sometimes if the image box is empty my jpeg is not defined in your mime types on server side.. just right click on the empty image box and give me the properties...
regards..
Related
So i think this question has been addressed before but none of the answers seem to help me.
I have uploaded a .jpeg file to my database by extracting the content from the file and uploaded that to a BLOB field in my database. When it comes to retrieving the data I search the database using an id set by the query string ?id=146 (I've inserted a value that relates to a specific entry in my database just to check the functionality). When I then echo the image['image'] the binary data displays fine (well the browser renders the data how it interprets it) so its finding the entry I want, and it displays the data fine. When I add header("Content-type: image/jpeg"); and reload the page the browser tells me the image is missing. ![screen shot of missing image display][1]
The entire functionality will work as i will reference the php file in the src of an tag on the page I want the image to display. But I can't even get the image to load onto the php page when I type in its URL(inc the correct query string).
Here is a my code for the php page to find the image:
$id = intval(addslashes($_REQUEST['id']));
header("Content-type: image/jpeg");
$result = $dbh->prepare("SELECT * FROM `cefk_profile` WHERE `id`=$id");
$result->execute();
$image = $result->fetch(PDO::FETCH_ASSOC);
echo $image['img'];
And here is a shot of the page that will display the picture:
echo '<img src="php/get_img.php?id=146">';
I am trying to read multiple image files from a folder (.htaccess protected) and display in a HTML page using php readfile().
The problem is I can see only the first image is read and the next is not shown in the browser. The code is as below
<?php
$image1 = 'files/com_download\256\50\www\res\icon\android\icon-36-ldpi.png';
$image2 = 'files/com_download\256\50\www\res\icon\android\icon-48-mdpi.png';
$imginfo = getimagesize($image1);
header("Content-type: ".$imginfo['mime']);
readfile($image1);
$imginfo = getimagesize($image2);
header("Content-type: ".$imginfo['mime']);
readfile($image2);
?>
I could see the first image 'icon-36-ldpi.png' successfully read and displayed in the browser and the second image is not read and not displayed in the browser.
Am I missing something? Any advice please.
Sorry if I am doing stupid but the requirement is to read multiple image files and render in the browser like a grid view. I cannot use img tag because of security reasons.
You can't dump both images out at once. Why not make two images in your html so the browser makes two calls to your script. Then use a GET param to pass the filename you want to display.
---Edit---
Important Security Note
There is an attack vector which you open up when doing soething like this. Someone could easily view your source html and change the parameter to get your image script to output any file they want. They could even use "../../" to go up directories and search for well known files that exist. e.g. "../../../wp_config.php". Now the attacker has your wordpress database credentials. The correct way to prevent against this is to always validate the input parameter properly. For example, only output if the file name ends with ".jpg"
Hi I have searched the web for 2 days but did not accomplish what I am looking for.
I have an apache server which will be accessed by 146 students. the user picks an angle from dropdown lets say 45 degress, then user clicks CALCULATE button. Then user clicks DIAGRAM button to see how the sine graph looks like.
Works like charm when i write the image to a file e.g: imagepng($img,"diagram.png");
Now the problem is that the diagram.png will always get overwritten by the last user. So for example if another user logs in and calculates the Sin 135. Both users will see Sine 135 because filename is hardcoded since there is conflict of filename.
I have searched the web on how to create the image dynamically instead of writing to a file and then reading the file. I have come across the following but not working:
base64_encode and decode
What would I have to do to my code of imagepng(...., ...) mentioned above to make use of base64 so I can actually draw the picture of already processed data. Let assume if I comment out the imagepng(..) code, then what do I replace it with. I hope I don't have to change my code a whole lot.
Please help
thanks
Amit
The filename argument to imagepng is optional. From the manual:
filename
The path to save the file to. If not set or NULL, the raw image stream will be outputted directly.
You would just need to send a png header at the top of the script and you would get the image as output for that script.
It's hard to tell without seeing you code how it is structured
but if once the user submits the form all you do is show the image by itself, then you can do something like this.
// make sure nothing else is out put before this otherwise it will stuff up the header
header('Content-Type: image/png);
imagepng($img);
If you embed the image into an html page as the result, then your best best would be to change the url of the image on the success page to something like this.
<img src="/path/to/file.php?deg=45" />
Then in the file.php
$deg = $_GET['deg'] + 0; // make sure it is a number
$img= function_render_graph($deg);
// make sure nothing else is out put before this otherwise it will stuff up the header
header('Content-Type: image/png);
imagepng($img);
By using a GET request, rather then a POST request then the image will likely be cached by the browser, so it doesn't need to be rendered each time. (Given that you have a drop list of angles, there must be a limited number of graphs that can actually be drawn)
Draw_Resultant_Prism_Graph (parameters)
{
$img = imagecreatetruecolor(800,750);
....
....
...
the following lines captures the data from output buffer and displays on same screen
***some version of IE have some issues mostly the dumb terminals where IE update is ADMIN
***restricted
ob_start();
header("Content-type: image/jpeg");
imagepng($img);
$output = ob_get_contents();
ob_end_clean();
imagedestroy($img);
echo img src="data:image/jpeg;base64,'.base64_encode($output).'"
user tags around img above and semicolon af
}
I've create a table where I've saved images through "BLOB". I need to show those images along with other items. But I don't know how to show those images together in the same page.
Here's my php code that displays other things in form of a table. Similarily, I wanted to display images accordingly. Any help?
<?php
$display_query = mysql_query("SELECT * FROM eportal");
echo "<table id='pageTable'><thead><tr><th>Item code</th><th>Description</th><th>Cost</th></tr></thead>";
echo "<tbody>";
while($row = mysql_fetch_array($display_query)){
print "<tr><td>".$row['itemid']."</td><td>".$row['description']."</td><td>";
print "₹".$row['cost']."</td></tr>";
}
echo "</tbody>";
echo "</table>";
mysql_close($connection);
?>
Saving images to the DB is not a good idea but if You think You need to it this way, then You can retrieve the data from DB table, encode it to base64 (http://php.net/base64_encode) and then in HTML print it in this way:
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==" alt="Red dot">
Using PHP You would write:
echo '<img src="data:'.$image_mime_type.';base64,'.base64_encode($image_data_from_db).'" alt="My image alt" />';
As other people mentioned, storing the images in the database is usually a bad idea.
Images are not transmitted in the same HTTP response with another page data.
To show images from the database, you would need to implement a script which, given the item id, would read the field and send the image's binary data; and provide the path to the script in your form's <img src="">:
while($row = mysql_fetch_array($display_query)){
print "<tr><td>".$row['itemid']."</td><td>".$row['description']."</td><td>";
print "₹".$row['cost']."</td><td>";
print "<img src=\"image.php?id=".$row['id']."\"></td></tr>";
}
image.php is another script which outputs the value of image_blob given the eportal.id. You would also need to provide correct size and mime type in the headers.
You better just store the images in a file (accessible by the web server) and store the path fo the file in the database.
Read the Blob data and write it into the file with header type image.. and try to print it, It should display the image file.
And yes saving image or any file in DB is really a bad habit as you are increasing DB size and it slowdown the performance also.. I suggest you to just try to convert you Blob into Image but don't apply in your work. Just save the image at desired location and keep its location path into DB to fetch and save next time.
The debate of storing blobs versus storing a path to the image file on disk has been debated over and over again. Microsoft provides a research paper comparing the pros and cons of each here. With that said, to display a blob as an image you need to make a call to a separate page and output header information that tells the browser what type of image is stored.
For example:
connectToDatabase();
$sql = "SELECT image_blob FROM eportal;";
$result = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_array($result);
header("Content-type: image/jpeg");
echo $row['image_blob'];
$db->close();
In case you still want to save your images in database, you will need second script which will get those images from database and pass them to browser with correct headers.
header("Content-type: image/jpeg");
#
# Replace this with database read:
# readfile('myimage.jpg');
Also, you will need to store what kind of image u use. There will be different header for JPEG, GIF or PNG file.
I am working with a script for resizing images. I seem to be getting an error:
Error: no image was specified
Probably because of this code in the script(image.php):
if (!isset($_GET['image']))
{
header('HTTP/1.1 400 Bad Request');
echo 'Error: no image was specified';
exit();
}
Here is what I'm doing(profile.php):
$your_image = $row['Image'];
$path_to_image = $row['PortraitPath'];
$width = 100;
$height = 100;
echo "<img src=\'/image.php/{$your_image}?width={$width}&height={$height}&cropratio=1:1&image={$path_to_img}\' alt=\'Alt text goes here.\' />";
Therefore, I am reading $your_image and $path_to_image from a MySQL table, and then putting it in the img source. As mentioned above, obviously, image is not set, that is why I am getting that first error. What I don't get is, how will the image actually even be set with my img src code? Aren't I simply displaying the actual image? Then how will image even be set if a picture is simply being displayed? Thank you.
If you want to source a php file instead an image, you need to tell your php file that the output will be an image.
You can do this using the php header() function, like this:
header('Content-type: image/jpeg');
Here is some reference: php header function
About the address you are point to, isn't a bit weird? You have a slash right after the .php, which suggest that you are trying to access some folder... Did you tested this url to see if a real image are being outputted on the screen?
Hope this can help you =)
The URl for the image contains ?foo=bar&this=that&image=path. These variables will be passed to the image.php script in the $_GET array.
As a word of warning, in your profile.php's code I saw this fragment:
image={$path_to_img}
Depending on how you deal with the value of $_GET['image'] this may result in a RFI vulnerability. The user could forge a GET request to image.php with their own "image" path.
A couple things that I noticed, I'm not sure how much of the code you modified before posting it here...
1a) Don't escape the single quotes if you are using double quotes to encompass it.
OR
1b) Change the escaped single quotes to escaped double quotes.
2) In the URL you are using $path_to_img but the variable you have defined is $path_to_image. Make them consistent.