Odd entities in generated text (chrome is weird) - php

I am working on a school project with two classmates. Our task is to make a dynamic gallery for the web.
So we got the whole gallery up and running perfectly, except Chrome is acting mighty weird about it.
We have our pictures uploaded as blobs, as well as our thumbnails. We load them from the database through PHP.
<div id="content_right">
<?php
$thumb = ''; // initialise before appending with .=
if (isset($_GET['c'])) {
    // cast to int so the category id cannot alter the SQL statement
    $c = (int) $_GET['c'];
    $thumbs_sql = mysql_query("SELECT foto_id
        FROM `fotos`
        INNER JOIN foto_cat ON fotos.foto_cat = foto_cat.cat_id
        WHERE fotos.foto_cat = $c");
} else {
    $thumbs_sql = mysql_query("SELECT foto_id
        FROM fotos
        INNER JOIN foto_cat ON fotos.foto_cat = foto_cat.cat_id
        ORDER BY RAND() LIMIT 8");
}
while ($getthumbs = mysql_fetch_array($thumbs_sql)) {
    $thumb_id = $getthumbs["foto_id"];
    $picsource = 'inc/thumbnails.php?thumb='.$thumb_id;
    $thumb .= '<div class="ikon">
    <img alt="'.$thumb_id.'" src="'.$picsource.'" value="inc/picture.php?pic='.$thumb_id.'" />
    </div>';
}
echo $thumb;
?>
</div>
The thing is, it works perfectly in any browser but Chrome. The problem is the browser (or server) seems to add a very odd entity in our file source (for the img tag). It cannot be displayed in the page source, nor by echoing the source out. It is only visible through Chrome's developer tools, and shows up as a square (unknown entity?). It is placed right after "inc/".
(picture-example of the problem in chrome developer tools.)
Not only does this seem strange, but also, it works perfectly in Chrome when we use a localhost (wamp/mamp/xampp etc.). Likewise, the image can still be downloaded/viewed if hardcoded into either the URL bar or the source.
We have tried converting it to string, adding the slash through php, setting enctype and anything else we could possibly think of.
This leads us to believe it must be a serverside problem? Are we mistaken?
And if not, is there a workaround through coding?
The gallery is live at http://46246.rtsphp.dk/gallery/index.php.
Let me know if you need more files than this somehow, or anything else. Any help would be greatly appreciated, since we ourselves are clueless :S
~Esben Tind (esbentind at gmail dot com)

This is a serverside issue. Your thumbnails.php script is sending the following header:
Content-Disposition: attachment; filename=nytaar1.jpg
This makes the browser try to download the file. I'd suggest searching for that in thumbnails.php and removing it.

You need to HTML-encode all values you use in HTML, using the htmlspecialchars() function, like so:
<img alt="'.htmlspecialchars($thumb_id).'" src="'.htmlspecialchars($picsource).'" value="inc/picture.php?pic='.htmlspecialchars($thumb_id).'" />
Otherwise, if any of the values by any chance contains & characters or similar, you produce invalid HTML, and the output is undefined - some browsers may guess correctly what you meant, others will mis-guess or simply refuse to render your HTML.

Related

$_GET is not working

Creating a rating system and the info is not being transmitted through my $_GET variable. The code is below
if (isset($_GET['item'], $_GET['rating'])){
echo 'Works!';
}
The variable is being entered in this code below
<?php echo number_format(
$article['rating'],1); ?>
<div class = "rate">
Rate:
<?php
for ($x =1; $x<= $maximum_rating; $x++){
?>
<a href="prestige.php?item=<?php echo $article['id']; ?>&rating=<?php echo $x;?>">
<?php echo $x; ?></a>
<?php
}
?>
I am fairly new to programming so any ideas or tips would be greatly appreciated.
There are a couple of things you should do.
1.
Instead of
prestige.php?item=<?php echo $article['id']; ?>&rating=<?php echo $x;?>
Use
prestige.php?<?= http_build_query(array('item' => $article['id'], 'rating' => $x), '', '&') ?>
This will escape the parameters. Vars $article['id'] and $x could contain characters that break the HTML or URL.
2.
Look at the Net tab in your Firebug/Chrome dev toolbar. Are there any redirects? What headers are sent?
Also look at the address bar to see if prestige.php really is loaded with the GET parameters.
3.
Use a debug tool like XDebug to step through your code. You might have some code that resets the $_GET vars. Personally I use the IDE PHPed, but it's kinda expensive.
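The escaping advice in this answer and in the htmlspecialchars() answer to the gallery question above comes down to two layers: URL-encode each query parameter, then HTML-escape the finished URL for the attribute. The following is an added example, not code from either poster; the helper names and the sample ids are constructed for illustration.

```php
<?php
// Added example; helper names and sample values are constructed, not from the posts.

// Layer 2: escape a finished value for a double-quoted HTML attribute.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Layer 1: URL-encode every query parameter (RFC 3986, so spaces become %20).
function url_with_query(string $path, array $params): string
{
    return $path . '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

// Thumbnail markup from the gallery question, with both layers applied.
function img_tag(string $thumbId): string
{
    $src  = url_with_query('inc/thumbnails.php', ['thumb' => $thumbId]);
    $full = url_with_query('inc/picture.php', ['pic' => $thumbId]);
    return '<div class="ikon"><img alt="' . attr($thumbId) . '" src="' . attr($src)
         . '" value="' . attr($full) . '" /></div>';
}

// Rating link from the $_GET question; the "&" between parameters becomes "&amp;".
function rating_link(string $itemId, int $rating): string
{
    $href = url_with_query('prestige.php', ['item' => $itemId, 'rating' => $rating]);
    return '<a href="' . attr($href) . '">' . $rating . '</a>';
}

// Constructed ids: plain, with an ampersand, with a double quote, non-ASCII.
foreach (['17', 'tom & jerry', 'say "hi"', 'nytår 1'] as $id) {
    echo img_tag($id), "\n", rating_link($id, 3), "\n\n";
}
```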
The code you posted works. So the snag must be in the code you did not post:
* maybe the prestige.php page has a PHP error that prevents it from displaying anything; start with an empty file containing just <?php echo 'OK so far'; ?>.
* maybe the page contains code (security checks, frameworks...) that kills $_GET. (reduce the page to a minimum working case, without include/requires)
* maybe the page does work, but the output gets snarked by an untimely ob_end_clean() that was meant to "clean the page" before the real output started; (reduce the page to a minimum working case)
* maybe the page works, the string 'Works' is there, but you can't see it due to HTML markup, CSS, or other rendering problems (check the page source)
* the URL might be broken because the item code contains invalid URL characters (check what appears in the browser address bar)
* there might be a URL rewrite scheme that interferes (check .htaccess and the server logs)
I just remembered something like this happening with international characters in the URL. Try with an ASCII-clean item code to see what happens.
Just to be sure: verify there is no auto_prepend'ed file which might interfere.
Then, it might also be more than one of the above acting together. Often when debugging one unintentionally breaks some code, and even after fixing the first bug, the code doesn't start working again - this doesn't mean the fix was invalid.
I'm sorry -- I'm at the end of my options. I really look forward to knowing what the reason was. (Usually the more explanations I amass, the more the real answer tends to be "none of the above". When it happens to me, sometimes I wonder whether to start to believe in gremlins :-( ).

php POST can't handle <img src="http://

I'm creating a form where the user should be able to enter any text (used to change articles on the site), Html, JavaScript or literally anything is allowed to type in and post, and so far everything worked. But today I suddenly got this strange error.
When I try to save text with Html to a MySQL database like this:
google
nothing goes wrong, but when I try it like this:
<img src="http://www.google.com/" />
The page does not load (forbidden error) and the database does not contain any of the text it should contain (the Html).
Instead the page shows the following error:
Forbidden
You do not have permission to access this document.
The same problem occurs when I try to post the following data:
src="http:
Why do I get a forbidden error when the post contains that specific piece of text, what's going on here?
Code I'm using:
if($_SERVER['REQUEST_METHOD']=="POST" && !empty($_POST['save'])){
$text = mysql_real_escape_string($_POST['textarea']);
$title = mysql_real_escape_string($_POST['title']);
$query = "INSERT INTO articles (text, title) VALUES ('".$text."','".$title."')";
When I remove the MySQL query I still get the error so it has nothing to do with the database. PHP safe mode is on, could that make a difference?
How can this be fixed?
Edit: Tried the complete application on my xampp server and it did not show the error, but on my hosting server I use the script in a password protected map. could that be the problem? Anyway I'm going to contact my hosting company.
It sounds a bit like mod_security, switched on and in its most aggressive mode, and it thinks you're trying to hack the site. The reason I say it only sounds a bit like that is because no-one should normally configure it to check POST data because that causes far too many false positives. But check the error log(s) as it will probably be listed there if it's that. If so you'll need to turn it off in the hosting settings or nag your host to do it.
Also try a bare minimum script: <?php var_dump($GLOBALS); ?> to see if the data reaches PHP at all.
try:
if($_POST && !empty($_POST['save'])){
$text = mysql_real_escape_string(htmlentities($_POST['textarea']));
$title = mysql_real_escape_string(htmlentities($_POST['title']));
Send this into your db
<a href=www.google.com>Google</a>
or
When called from db
echo "http://".$row_TabelName['RowName'];
It should solve your issue.
if you wish to use the following
base64_encode() and insert, after read base64_decode()

file_get_contents not actually grabbing file? Blank?

Try this sample code I threw together to illustrate a point:
<?php
$url = "http://www.amazon.com/gp/offer-listing/B003WSNV4E/";
$html = file_get_contents($url);
echo($html);
?>
The amazon homepage works fine using this method (it is echoed in the browser), but this page just doesn't output anything. Is there a reason for this, and how can I fix it?
I think your problem is that you're misunderstanding your own code.
You made this comment on the question (emphasis mine):
I've never used those utilities before, so maybe I'm doing it wrong but it only seems to be downloading this page: https://www.amazon.com/gp/offer-listing/B003WSNV4E/ref=dp_olp_new?ie=UTF8&condition=new
This implies to me that an Amazon page is appearing in your browser when you run this code. This is entirely expected.
When you try to download https://rads.stackoverflow.com/amzn/click/B003WSNV4E, you're being redirected to https://www.amazon.com/gp/offer-listing/B003WSNV4E/ref=dp_olp_new?ie=UTF8&condition=new which is the intent of StackOverflow's RADS system.
What happens from there is your code is loading the raw HTML into your $html variable and dumping it straight to the browser. Because you're passing raw HTML to the browser, the browser is interpreting it as such, and it tries (and succeeds) in rendering the page.
If you just want to see the code, but not render it, then you need to convert it into html entities first:
echo htmlentities($html);

Pass from PHP to Javascript

I have a little problem here, and no tutorials have been of help, since I couldn't find one that was directed at this specific problem.
I have 2 hosting accounts, one on a server that supports PHP. And the other on a different server that does not support PHP.
SERVER A = PHP Support, and
SERVER B = NO PHP Support.
On server A I have a PHP script that generates a random image. And on server B, I have an HTML file that includes a JavaScript that calls that PHP function on server A. But no matter how I do it, it never works.
I have the following code to retrieve the result from the php script:
<script language="javascript" src="http://www.mysite.com/folder/file.php"></script>
I know I'm probably missing something, but I've been looking for weeks! But haven't found any information that could explain how this is done. Please help!
Thank you :)
UPDATE
The PHP script is:
$theimgs = array("images/logo.png", "images/logo.png", "images/logo.png", "images/logo.png", "images/logo.png");
function doitnow($imgs) {
    $total = count($imgs);
    $call = rand(0, $total - 1); // last valid index is $total - 1
    return $imgs[$call];
}
echo '<img src="'.doitnow($theimgs).'" alt="something" />';
<img src="http://mysite.com/folder/file.php" alt="" /> ?
It's not clear, why you include a PHP file as JavaScript. But try following:
Modify your PHP Script so that it returns a image file directly. I'll call that script image.php. For further information, look for the PHP function: header('Content-type: image/jpeg')
In your JavaScript file use image.php as you would any normal image.
Include the JavaScript on server B as a *.js file.
UPDATE:
It's still not clear, why you need JavaScript.
Try as image.php:
$theimgs = array("images/logo.png", "images/logo.png", "images/logo.png", "images/logo.png", "images/logo.png");
function doitnow($imgs) {
    $total = count($imgs);
    $call = rand(0, $total - 1); // last valid index is $total - 1
    return $imgs[$call];
}
$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
$extra = 'mypage.php';
header("Location: http://$host$uri/" . doitnow($theimgs));
And on server b:
<img src="http://www.example.org/image.php"/>
You didn't specify, but I assume the two servers have different domain/hostnames. You may be running into a browser security model problem (same origin policy).
If that's the case, you need to use JSONP.
You may be using outdated sources to learn, since the language attribute is deprecated and you should use type="text/javascript" instead. It's also not clear what kind of output does the .php script produce. If it's image data, why are you trying to load it as a script and not an image (i.e., with the <img> tag)?
Update: The script is returning HTML, which means it should be loaded using Ajax, but you can't do that if it's on a different domain due to the same origin policy. The reason nothing is working now is that scripts loaded using the <script> tag aren't interpreted as HTML. To pass data between servers, you should try JSONP instead.
It seems that server A generates an HTML link to a random image (not an image). The URL is relative to wherever you insert it:
<img src="images/logo.png" alt="something" />
That means that you have an images subdirectory everywhere you are using the picture. If not, please adjust the URL accordingly. Forget about JavaScript, PHP or AJAX: this is just good old HTML.
Update
The PHP Script displays pics randomly. Pics are hosted on server A, and they are indeed accessible and readable from the internet. The PHP Script has been tested by itself, and works.
If these statements are true, Māris Kiseļovs' answer should work. So either your description of the problem is inaccurate or you didn't understand the answer...

Displaying a Blob back as a Image in php without header("Content-type: image/jpg");

I'm pulling the binary data out of my MySQL database and want to display it as an image.
I do not want to make a separate page for it to display the image (this would involve an extra call to the database among other things)
I simply want to be able to do
Pretty much but the $Image variable is in its longblob format and I need to convert it.
Thanks in advance.
I know this is not a specific answer to your question, but consider that by removing that database call, you are dramatically increasing your server load, increasing the size of each page and slowing down the responsiveness of your site.
Consider any page on Stack Overflow. Most of it is dynamic, so the page cannot be cached, but the users' thumbnail is static and can be cached.
If you send the thumbnail as a data URI, you are doing the DB lookup and data transfer for every thumbnail on every page.
If you send it as a linked image, you incur a single DB lookup for when the image is first loaded, and from then on it will be cached (if you send the correct HTTP headers with it), making your server load lighter, and your site run faster!
I do not want to make a separate page for it to display the image
You can base64 encode your image data and include it directly into the markup as a data URI. In most cases, that's not a good idea though:
It's not supported by IE < 8
It (obviously) sizes up the HTML page massively.
It slows down rendering because the browser has to load the resource first before it can finish HTML rendering
Better build a separate script, and make that one extra call.
You could probably do this using Base64-encoded Data URIs.
I'm not sure if it's possible to do straight into a img-tag, but you can do it by setting a background-image for a div.
Basically you change the regular
.smurfette {
background: url(smurfette.png);
}
to
.smurfette {
background: url(data:image/png;base64,iVBORw0KGgo [...] P6VAAAAAElFTkSuQmCC);
}
Data URIs are supported in:
* Firefox 2+
* Safari – all versions
* Google Chrome – all versions
* Opera 7.2+
* Internet Explorer 8+
Info borrowed from Robert Nyman: http://robertnyman.com/2010/01/15/how-to-reduce-the-number-of-http-requests/
$_GET the result into a separate variable i.e. $myvar = $_GET['Id']; before you process the $imageResult line e.g.:
$myid = (int) $_GET['Id']; // cast to int so the value cannot alter the query
$ImageResult = "select player.Image from player where Id = '$myid'";
Thanks for the answers, I've decided to go with a separate GetImage.php page but now can't seem to do the simplest of tasks
$ImageResult = "select player.Image from player where Id = " . $_GET['Id'];
$result = mysql_query($ImageResult) or die ("data recovery failed -3");
header("Content-type: image/jpeg");
echo mysql_result($result, 0);
But this returns just a broken link and cannot work out what I have missed out
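One way to write the separate image script this thread settles on, which also applies the first thread's point about not sending Content-Disposition: attachment and the caching point made in the answers above. This is an added example, not the poster's GetImage.php: the player table and Image column come from the question, while the function name, the PDO/SQLite in-memory database (assumes the pdo_sqlite and fileinfo extensions) and the sample PNG header are constructed so the block runs on its own from the command line.

```php
<?php
// Added example: function name, SQLite demo database and sample PNG are constructed.
// Look up one image by id and send it inline; returns the HTTP status used.
function serve_player_image(PDO $db, $rawId): int
{
    // Accept only a positive integer id; anything else never reaches the query.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400);
        return 400;
    }
    // Bound parameter instead of concatenating $_GET['Id'] into the SQL string.
    $stmt = $db->prepare('SELECT Image FROM player WHERE Id = ?');
    $stmt->execute([$id]);
    $blob = $stmt->fetchColumn();
    // Detect the real type from the bytes rather than assuming JPEG.
    $mime = is_string($blob) && $blob !== ''
        ? (new finfo(FILEINFO_MIME_TYPE))->buffer($blob) : '';
    if (!in_array($mime, ['image/jpeg', 'image/png', 'image/gif'], true)) {
        http_response_code(404); // no row, empty blob, or not an image we serve
        return 404;
    }
    header('Content-Type: ' . $mime);
    header('Content-Length: ' . strlen($blob));
    header('Content-Disposition: inline');          // not "attachment", so <img> renders it
    header('X-Content-Type-Options: nosniff');
    header('Cache-Control: public, max-age=86400'); // lets the browser cache the image
    echo $blob;
    return 200;
}
// Demo on constructed data (command line only): one row holding a PNG header.
if (PHP_SAPI === 'cli') {
    // PNG signature plus IHDR chunk header: enough for type detection, not a full image.
    $png = "\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR" . pack('NNC5', 1, 1, 8, 2, 0, 0, 0);
    $db = new PDO('sqlite::memory:');
    $db->exec('CREATE TABLE player (Id INTEGER PRIMARY KEY, Image BLOB)');
    $ins = $db->prepare('INSERT INTO player (Id, Image) VALUES (1, ?)');
    $ins->bindValue(1, $png, PDO::PARAM_LOB);
    $ins->execute();
    $report = [];
    foreach (['1', '2', 'abc'] as $rawId) { // existing id, missing id, non-integer
        ob_start(); // capture the body so headers can still be set on the next call
        $status = serve_player_image($db, $rawId);
        $report[] = sprintf('%-4s -> %d, %d bytes', $rawId, $status, strlen(ob_get_clean()));
    }
    echo implode("\n", $report), "\n";
}
```

In a web script the call is serve_player_image($pdo, $_GET['Id'] ?? null) with nothing echoed before it, since any earlier output or stray whitespace ends up inside the image bytes.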