No image from MySQL table, just binary data. Help?

  • nuhorizon
  • Student
  • Student
  • nuhorizon
  • Posts: 68

Post 3+ Months Ago

I have a forum I'm making, and I'm trying to make the picture that's stored in the user_table show up, but all I get is binary data...


The code for viewing the entries is here:

PHP Code:
$query = "SELECT * FROM mb_entries, mb_users WHERE mb_entries.username = mb_users.user";

$r = mysql_query($query); //Execute the query.

while($row = mysql_fetch_array ($r)) {

    print " <br><br><table border=0 style=\"background-color:black; border:1px solid white; width:400px\">
<tr>
<td align='left'>";
?>
<?php
print '
<img src=" " >
';
?>
<?php
print "
</td>
<td>
Title:   {$row['title']} <br>
  Posted by: <b>  {$row['username']}   </b>  <br><Br>
Message:  {$row['entry']}
</td>
</tr>
</table>";
}

I have 2 tables, one called:

mb_users
http://nuhorizononline.web.aplus.net/mb_user.JPG


and

mb_entries:
http://nuhorizononline.web.aplus.net/mb_entries.JPG


any help?

Thanks,

-Mike
  • this213
  • Guru
  • Guru
  • User avatar
  • Posts: 1260
  • Loc: ./

Post 3+ Months Ago

I understand what you're trying to do, but I don't see how you can expect the code you posted to do anything even remotely similar. Before I get into your actual problem though, there are a couple other issues you need to look into.

Whitespace is not always a good thing. You don't need multiple lines of nothing but white space and actual spaces breaking your code all up. The idea is to use it (in moderation) to group common functionality together. If you're using some code editor that outputs stuff that looks like this, go get PSPad (http://www.pspad.com)

You shouldn't be using double quotes on your HTML string. In that entire thing, you're only outputting 4 variables, all of which reside in an associative array. A better way to write it would be something like:
Code:
'This is my string with a '.$data['value'].' embedded';

Since you're only writing a very few variables into a relatively large HTML block, an even better way would be to escape out of PHP entirely (which I show below).

There's hardly ever a reason to use mysql_fetch_array(). 9 times out of 10, including this one, what you really need is mysql_fetch_assoc(). The difference is that mysql_fetch_array() creates an array that's twice as large as the data because it creates keys by column name as well as by number. This doesn't have much effect on a small site, but can make a difference when something running on your code gets popular.

Never, never, never use single character variable names unless it's the $i in a for() (for() being something that you should probably be using a foreach() in place of anyway). The standard for a database result handler is "$result". Using single character variable names does not make your code look more "professional" in any way, shape or form and it's not that hard to think of a real name and press a few extra keys.

Here's your code, cleaned up:
PHP Code:
<?php
   $query = "SELECT * FROM mb_entries, mb_users WHERE mb_entries.username=mb_users.user";
    $result = mysql_query($query);
    while( $row = mysql_fetch_assoc($result) ){
   
?><br><br>
<table border=0 style="background-color:black; border:1px solid white; width:400px">
   <tr>
   <td align='left'><img src=" " ></td>
   <td>Title: <?php echo $row['title']; ?><br>
Posted by: <b><?php echo $row['username']; ?></b>
<br><Br>
Message: <?php echo $row['entry']; ?>
   </td>
   </tr>
</table>
<?php
   }
?>

I notice you have nothing in the image src here. This would explain why you're seeing nothing at all. However, whenever you're pulling binary data out of a database, you need to store the mime type and the file size and you have to have a separate script whose sole purpose is to pull the image out of the database and send it to the page. Something like:
PHP Code:
<?php
   $sql = "SELECT * FROM wherever_my_file_data_resides WHERE something='whatever'";
   $file_data = mysql_fetch_assoc(mysql_query($sql));
   $data = $file_data['file_binary'];
    $type = $file_data['file_type'];
    $size = $file_data['file_size'];
    $name = $file_data['file_name'];
   
    header( "Content-type: $type");
   header( "Content-length: $size" );
   header( "Content-Disposition: attachment; filename=$name" );
    echo $data;
?>



To display the image on the page, you just call the above script as though it were an image:

Code:
<img src="image.php?image_id=123">


HTH
  • nuhorizon
  • Student
  • Student
  • nuhorizon
  • Posts: 68

Post 3+ Months Ago

thanks! that will help..

my upload function was this..

if ($_REQUEST[completed] == 1) {

move_uploaded_file($_FILES['imagefile']['tmp_name'],"latest.img");
$instr = fopen("latest.img","rb");
$image = addslashes(fread($instr,filesize("latest.img")));


..it worked...but now since you said I have to get the size and type.. I don't know how to incorporate that into the upload function...

I've seen other upload functions but they don't work lol for me at least...

Could you guide me to a good upload technique?
  • nuhorizon
  • Student
  • Student
  • nuhorizon
  • Posts: 68

Post 3+ Months Ago

hey the upload works now ...

i just have a question about my image..


here's the view_entry.php page i have..



$query = "SELECT * FROM mb_entries, mb_users WHERE mb_entries.username = mb_users.user";
$result = mysql_query($query);


// if the guestbook is empty show a message
if(mysql_num_rows($result) == 0)
{
?>
<p><br><br> <font color="white">Message Board is empty. </font> </p>
<?php
}
else
{

while( $row = mysql_fetch_assoc($result) ){

?><br><br>

<table border=0 style="background-color:black; border:1px solid white; width:400px">
<tr>
<td align='left'> <img src="view_picture.php?id={$row['user_id']}"> </td>
<td>Title: <?php echo $row['title']; ?><br>
Posted by: <b><?php echo $row['username']; ?></b>
<br><Br>
Message: <?php echo $row['entry']; ?>
</td>
</tr>
</table>

<?php
}

}






and here's my view picture :


import_request_variables("gP");

if(isset($_GET['id']))
{
// if id is set then get the file with the id from database

;
$id = $_GET['id'];

$query = "SELECT img_title, imgdata, image_type, image_size " .
"FROM mb_users WHERE user_id = '$id'";

$result = mysql_query($query) or die('Error, query failed');
list($fileName, $content, $fileType, $fileSize) = mysql_fetch_array($result);

header("Content-length: $fileSize");
header("Content-type: $fileType");
header("Content-Disposition: attachment; filename=$fileName");
echo $content;

exit;
}



In my messageboard, I just have a red x in my picture box.. I don't think it's getting the image...

Could you help me out with that?

my message board is at http://www.nuhorizononline.com/messageB ... eBoard.php

thanks.
  • this213
  • Guru
  • Guru
  • User avatar
  • Posts: 1260
  • Loc: ./

Post 3+ Months Ago

Never use user submitted values directly in the query string like that. At the very least, you should be assigning the value to the variable using addslashes(). Since the id is a number, you'd do better to use intval(). You can look both of these up here (a good idea would be to bookmark this page): http://www.php.net/quickref.php

As for dealing with your file uploads: http://us2.php.net/features.file-upload
The $_FILES array contains the mime type of the uploaded file. There's a basic tutorial for doing all of this here: http://codewalkers.com/tutorials/35/1.html
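
The advice above, carried through for the image script, as an added example that is not code from the thread: a version of view_picture.php that validates the id, looks the row up with a bound parameter and builds the response headers from the image bytes rather than from stored, user-supplied values. PDO, the fileinfo extension and the connection values are assumptions; the table and column names are the ones posted in the thread.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Assumed: PDO with the MySQL driver,
// the fileinfo extension, placeholder credentials, and the mb_users columns
// user_id, img_title and imgdata named in the thread.

// Types this endpoint will serve, mapped to the extension used in the filename.
const SERVED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/** Send a bare status code and stop; no database or PHP error text reaches the client. */
function refuse(int $status): void
{
    http_response_code($status);
    exit;
}

// 1. The id must be a positive integer. intval() turns "abc" into 0 and
//    "40 OR 1=1" into 40; this filter rejects both instead of guessing.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === null || $id === false) {
    refuse(400);
}

// 2. Bound parameter: the value travels separately from the SQL text.
try {
    $pdo = new PDO(
        'mysql:host=localhost;dbname=mydatabase;charset=utf8mb4',
        'myusername',
        'mypassword',
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]
    );
    $stmt = $pdo->prepare('SELECT img_title, imgdata FROM mb_users WHERE user_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
    error_log('image lookup failed: ' . $e->getMessage()); // detail stays in the server log
    refuse(500);
}
if ($row === false || !is_string($row['imgdata']) || $row['imgdata'] === '') {
    refuse(404);
}
$image = $row['imgdata'];

// 3. Decide the type from the bytes, not from the stored image_type column,
//    which holds whatever the uploading browser put in $_FILES[...]['type'].
$type = (new finfo(FILEINFO_MIME_TYPE))->buffer($image);
if ($type === false || !isset(SERVED_TYPES[$type])) {
    refuse(415);
}

// 4. Rebuild the filename from a restricted character set so a stored title
//    cannot place quotes or line breaks in the header.
$stem = preg_replace('/[^A-Za-z0-9_-]+/', '_', pathinfo((string) $row['img_title'], PATHINFO_FILENAME));
if ($stem === null || $stem === '') {
    $stem = 'image';
}
$filename = $stem . '.' . SERVED_TYPES[$type];

// 5. The length is measured, not read from a column that may disagree with the blob.
//    "inline" because the response is meant to be rendered by an <img> tag, not saved.
header('Content-Type: ' . $type);
header('Content-Length: ' . strlen($image));
header('Content-Disposition: inline; filename="' . $filename . '"');
header('X-Content-Type-Options: nosniff');
echo $image;
```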
  • nuhorizon
  • Student
  • Student
  • nuhorizon
  • Posts: 68

Post 3+ Months Ago

thanks..the upload works fine ..

here's a quick question..

regarding my image in the user table..

I can grab the user_id, but it won't display the image ..

Look at this to see what I'm talking about. http://www.nuhorizononline.com/viewPicture.php

the user_table has:

user_id, first_name, last_name...,img_title, image_size, image_type, imgdata
  • this213
  • Guru
  • Guru
  • User avatar
  • Posts: 1260
  • Loc: ./

Post 3+ Months Ago

Your Site wrote:
Warning: mysql_query() [function.mysql-query]: Access denied for user 'root'@'localhost' (using password: NO) in /home/u7/nuhorizononline/html/download2.php on line 41
  • nuhorizon
  • Student
  • Student
  • nuhorizon
  • Posts: 68

Post 3+ Months Ago

sorry, i fixed it..

check it out now...

when i click on the link, it grabs the user_id but outputs no image when i call for it in the download2.php

in IE it shows me binary data

in firefox it shows me: http://www.nuhorizononline.com/download2.php?id=40

any suggestions?
  • this213
  • Guru
  • Guru
  • User avatar
  • Posts: 1260
  • Loc: ./

Post 3+ Months Ago

That's giving a header of Content-Type: image/pjpeg, change it to image/jpeg
  • nuhorizon
  • Student
  • Student
  • nuhorizon
  • Posts: 68

Post 3+ Months Ago

Changing it to image/jpeg doesn't do anything to it...

check it out again..

http://www.nuhorizononline.com/viewPicture.php


my code for download2.php is:

PHP Code:
if ($dbc = @mysql_connect ('localhost', 'database', 'password')) {
   if (!@mysql_select_db ('db')) {
      die ('<p> Could not select the database because: <b>' . mysql_error() . '</b> </p>');
   }
}
else {
   die ('<p> Could not connect to MySQL because: <b>' . mysql_error() . '</b> </p>');
}

$sql = "SELECT * FROM mb_users  WHERE user_id = {$_GET['id']}";

   $file_data = mysql_fetch_assoc(mysql_query($sql));
   $data = $file_data['imgdata'];

   $size = $file_data['image_size'];
   $name = $file_data['img_name'];

   header( "Content-type: image/jpeg");
   header( "Content-length: $size" );

   echo $data;

print "
{$row['user']}

{$row['pass']}
";

it doesn't seem to read any of the fields on the download2.php page... on viewPicture.php it prints out the username and first name, etc. though.
  • this213
  • Guru
  • Guru
  • User avatar
  • Posts: 1260
  • Loc: ./

Post 3+ Months Ago

Where's your Content-Disposition header?
  • this213
  • Guru
  • Guru
  • User avatar
  • Posts: 1260
  • Loc: ./

Post 3+ Months Ago

Try this
Code:
<?php
    if( $dbc = @mysql_connect('localhost','database','password') ){
        if( !@mysql_select_db('db') ){
            die ('<p> Could not select the database because: <b>'.mysql_error().'</b> </p>');
        }
    } else {
        die ('<p> Could not connect to MySQL because: <b>' . mysql_error() . '</b> </p>');
    }

    $user_id = intval($_GET['user_id']);

  $sql = "SELECT * FROM mb_users WHERE user_id='$user_id'";
  $file_data = mysql_fetch_assoc(mysql_query($sql));
  $data = $file_data['imgdata'];
  $type = $file_data['file_type'];
  $size = $file_data['image_size'];
  $name = $file_data['file_name'];
  
  header( "Content-type: image/jpeg"); // $type");
  header( "Content-length: $size" );
  header( "Content-Disposition: attachment; filename=$name" );
  echo $data;
?>
  • nuhorizon
  • Student
  • Student
  • nuhorizon
  • Posts: 68

Post 3+ Months Ago

hey! that works, i save the image but when i open it there's no image , it just says no preview available..
  • this213
  • Guru
  • Guru
  • User avatar
  • Posts: 1260
  • Loc: ./

Post 3+ Months Ago

You still have something not quite right, post the current contents of this script:
http://www.nuhorizononline.com/download2.php
Be sure you're changing your database username and password for the sake of security.

Make sure you're storing the file's binary, size, type and name in the database and are able to call them back out. You might also post your upload script so I can see how you're doing things there too.
  • nuhorizon
  • Student
  • Student
  • nuhorizon
  • Posts: 68

Post 3+ Months Ago

this whole thing is so i can be able to grab the image from the user table and display it on the message board on this site im making... upload form can be looked at http://www.nuhorizononline.com/messageB ... ter_mb.php (it's not fully validated yet, but it works and i got the image to upload as well)

here's the php script for the upload :

PHP Code:
<?php
ini_set('display_errors', 1);
error_reporting(E_ALL & ~E_NOTICE);
import_request_variables("gP");

if (isset ($_POST['submit'])) {

//connect to MySQL server and select database
   if ($dbc = @mysql_connect ('localhost', 'myusername', 'mypassword')) { //connect to MySQL
      if (!@mysql_select_db ('mydatabase')) { //connect to myblog database

      die ('<p> Could not select the database because: <b>' . mysql_error() . '</b> </p>');
      }
   }

   else {
         die ('<p> Could not connect to MySQL because: <b>' . mysql_error() . '</b> </p>');
         }

 //CHECK FOR UNIQUE USERNAME

$username =($_POST['username']);

$sql = "SELECT * FROM mb_users WHERE user = '$username'";
$row = mysql_fetch_assoc(mysql_query($sql));

if( $row['user'] == $username) {
   print '<p style="color:white; border:1px solid white; width:400px"> <font color="orange"> ERROR: </font> Username is already taken. Please pick another one. </p>';
   }

   else {

//THIS IS WHERE THE UPLOAD STARTS

if(isset($_POST['submit']) && $_FILES['userfile']['size'] > 0)
{
$fileName = $_FILES['userfile']['name'];
$tmpName  = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];

$fp      = fopen($tmpName, 'r');
$content = fread($fp, filesize($tmpName));
$content = addslashes($content);
fclose($fp);

if(!get_magic_quotes_gpc())
{
    $fileName = addslashes($fileName);

//DEFINE the query.

$query = "INSERT INTO mb_users (user_id, date_entered, first_name, last_name, user, pass, user_email, city, province, country, age, sex, img_title, imgdata, image_type, image_size)
        VALUES (0, NOW(), '{$_POST['first_name']}', '{$_POST['last_name']}', '{$_POST['username']}', '{$_POST['password']}', '{$_POST['email']}', '{$_POST['city']}', '{$_POST['prov']}', '{$_POST['country']}', '{$_POST['age']}', '{$_POST['sex']}','$fileName', '$content', '$fileType', '$fileSize')";

//EMAIL CONFIRMATION TO NEW USER

$to= $email;

   $subject = "Confirmation Message -DO NOT REPLY-";

   $body= "Thanks $first_name! You're now registered which means you can post messages, buy merchandise, and also win cool prizes! \n
      Your account information is here: \n

      Username: $username \n
      password: $password \n
      e-mail: $email ";

// To send HTML mail, the Content-type header must be set
$headers  = 'MIME-Version: 1.0' . "\r\n";

$headers .= 'From: NuHorizon Message Board <webmaster@nuhorizononline.com>' . "\r\n";

   mail($to, $subject,$body, $headers);

//CHECK TO SEE IF THE QUERY HAS BEEN SUBMITTED OKAY.
if (@mysql_query ($query)) {

         //REDIRECT USER TO WELCOME PAGE
         header('Location:confirm_registration.php');
         exit();

   }

   else {

   // if the file is not less than the maximum allowed, print an error
         echo
          '<div>File exceeds the Maximum File limit</div>
         <div>Maximum File limit is '.$maxsize.'</div>
         <div>File '.$_FILES['imagefile']['name'].' is '.$_FILES['imagefile']['size'].' bytes</div>
         <hr />';
         }

      }

} //END of unique username.

   mysql_close(); //Close the connection.

} //END OF ELSE

 } //END OF UPLOAD

?>



my user table is shown here:

http://nuhorizononline.web.aplus.net/userstable.JPG




my download2.php script is here:

PHP Code:
<?php
   if( $dbc = @mysql_connect('localhost','myusername','mypassword') ){
      if( !@mysql_select_db('mydatabase') ){
         die ('<p> Could not select the database because: <b>'.mysql_error().'</b> </p>');
      }
   } else {
      die ('<p> Could not connect to MySQL because: <b>' . mysql_error() . '</b> </p>');
   }

   $user_id = intval($_GET['user_id']);

   $sql = "SELECT * FROM mb_users WHERE user_id='$user_id'";
   $file_data = mysql_fetch_assoc(mysql_query($sql));
   $data = $file_data['imgdata'];
   $type = $file_data['image_type'];
   $size = $file_data['image_size'];
   $name = $file_data['image_title'];

   header( "Content-type: image/jpeg"); // $type");
   header( "Content-length: $size" );
   header( "Content-Disposition: attachment; filename=$name" );
   echo $data;
?>
  • this213
  • Guru
  • Guru
  • User avatar
  • Posts: 1260
  • Loc: ./

Post 3+ Months Ago

A few things right off the bat:

Never use user-submitted values directly in your SQL queries. You need to at least be doing addslashes to all of those.

Add a hidden field to your upload form and check for the existence of that rather than $_POST['submit'] so when someone submits your form by just hitting their Enter key rather than your button, it still submits properly.

I've tweaked your upload script to incorporate some of what I've said and fix your general layout. I have a habit of just fixing stuff as I go over it, so just try changing what you need to in here and see if it works - save your original though, just in case it doesn't you have something to compare it with:
Code: [ Select ]
<?php
ini_set('display_errors', 1);
init_set('magic_quotes_gpc',0);
error_reporting(E_ALL & ~E_NOTICE);
import_request_variables("gP");

$env = array();
foreach( $_POST as $key => $value ){
    $env[$key] = addslashes(htmlspecialchars($value));
}
unset($_POST);

if( isset($env['submit']) ){
    //connect to MySQL server and select databse
    //connect to MySQL
  if( $dbc = @mysql_connect('localhost','myusername','mypassword') ){
        //connect to myblog database
        if( !@mysql_select_db ('mydatabase') ){
            $diestring = '<p> Could not select the database because: <b>'
            .mysql_error().'</b> </p>';
            die ($diestring);
    }
  } else {
      $diestring = '<p> Could not connect to MySQL because: <b>'
      .mysql_error().'</b> </p>';
        die($diestring);
    }
      
    //CHECK FOR UNIQUE USERNAME
    $username =($env['username']); 

    $sql = "SELECT * FROM mb_users WHERE user = '$username'";  
    $row = mysql_fetch_assoc(mysql_query($sql));  

    if( $row['user'] == $username){
        print '<p style="color:white; border:1px solid white; width:400px">'
        .'<font color="orange"> ERROR: </font> Username is already taken. '
        .'Please pick another one. </p>';
        die();
  } else {
  
    //THIS IS WHERE THE UPLOAD STARTS
    if( isset($env['submit']) && $_FILES['userfile']['size'] > 0 ){
        $fileName = addslashes(htmlspecialchars($_FILES['userfile']['name']));
        $tmpName = $_FILES['userfile']['tmp_name'];
        $fileSize = $_FILES['userfile']['size'];
        $fileType = $_FILES['userfile']['type'];

        $content = addslashes(fread(
            fopen($file['tmp_name'], "r"),filesize($_FILES['userfile'])
        ));

        $first_name = $env['first_name'];
        $last_name = $env['last_name'];
        $username = $env['username'];
        $password = md5($env['password']);
        
        // you need to validate this and kill the script if it fails
        // you can get shut down quick if somone uses your form to push spam.
        $email = validate_email($env['email']);
        
        $city = $env['city'];
        $prov = $env['prov'];
        $country = $env['country'];
        $age = intval($env['age']);
        $sex = $env['sex'];

        //DEFINE the query.
        $query = 'INSERT INTO mb_users ('
        .'user_id, date_entered, first_name, last_name, user, pass, '
        .'user_email, city, province, country, age, sex, img_title, '
        .'imgdata, image_type, image_size'
        .') VALUES ('
        ."0, NOW(), '$first_name', '$last_name','$username','$password',"
        ."'$email','$city','$prov','$country','$age','$sex',"
        ."'$fileName','$content','$fileType','$fileSize'"
        .')';

        //EMAIL CONFIRMATION TO NEW USER
        $to = $email;
        $subject = "Confirmation Message -DO NOT REPLY-";

        $body= "Thanks $first_name! You're now registered which means you "
        ." can post messages, buy merchandise, and also win cool prizes! \n
    Your account information is here: \n

    Username: $username \n
    password: $password \n
    e-mail: $email ";

        // To send HTML mail, the Content-type header must be set
        $headers = 'MIME-Version: 1.0' . "\r\n";
        $headers .= 'From: NuHorizon Message Board '
        .'<webmaster@nuhorizononline.com>' . "\r\n";

        mail($to,$subject,$body,$headers);

        //CHECK TO SEE IF THE QUERY HAS BEEN SUBMITTED OKAY.
        if( @mysql_query ($query) ){
      //REDIRECT USER TO WELCOME PAGE
      header('Location:confirm_registration.php');
      exit();
      } else {
            // if the file is more than the maximum allowed, print an error
            echo '<div>File exceeds the Maximum File limit</div>
     <div>Maximum File limit is '.$maxsize.'</div>
     <div>File '.stripslashes($fileName).' is '
     .$fileSize.' bytes</div>
     <hr />';
        }
    }  
} //END OF UPLOAD
} // closes if( isset($env['submit']) )
?>
  • nuhorizon
  • Student
  • Student
  • nuhorizon
  • Posts: 68

Post 3+ Months Ago

alright, so I used the updated one above... it uploads the picture and all the info properly. I haven't validated anything yet though, but that's not a problem... however, could you give me an example of a hidden field for my upload form for the submit button?

and as for the grabbing the picture from the mysql table, lol it still won't show.
  • this213
  • Guru
  • Guru
  • Posts: 1260
  • Loc: ./

Post 3+ Months Ago

Code:
<input type="hidden" name="submit" value="Submit">

Go get the MySQL Control Center and open the table with that, then double-click the binary data field and see if your image shows up.
  • nuhorizon
  • Student
  • Student
  • nuhorizon
  • Posts: 68

Post 3+ Months Ago

hey thanks! the image DOES show up :) awesome... we're very close now lol

now what should we check for?
  • this213
  • Guru
  • Guru
  • Posts: 1260
  • Loc: ./

Post 3+ Months Ago

If it shows up there, you must still have a problem with the way you're calling the images out of the database.

Change
header( "Content-type: image/jpeg"); // $type");
to
header( "Content-type: $type");

if it still doesn't show anything, try changing
$data = $file_data['imgdata'];
to
$data = stripslashes($file_data['imgdata']);
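
Added example, not part of the post above or of the thread's code: the `image_type` column is filled from `$_FILES['userfile']['type']`, which the browser supplies, so sending it back as `Content-type: $type` lets whoever uploaded the file decide how the response is interpreted. This sketch derives the type from the bytes instead, at upload and again when serving; the function names, the size limit and the allowlist are assumptions, and it needs PHP 7.1+ with the fileinfo extension.

```php
<?php
// Added example, not code from the thread. Function names and the size limit
// are assumptions; the allowlist is a choice, adjust it to what the forum accepts.
const MAX_IMAGE_BYTES = 512000;
const ALLOWED_IMAGE_TYPES = ['image/jpeg', 'image/png', 'image/gif'];

// MIME type detected from the bytes themselves, or null if not an allowed image.
function detect_image_type(string $bytes): ?string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    return in_array($mime, ALLOWED_IMAGE_TYPES, true) ? $mime : null;
}

// Validate one $_FILES entry and return [bytes, detected type].
// $file['type'] and $file['name'] come from the client and are never trusted.
function read_uploaded_image(array $file): array
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if (!is_uploaded_file($file['tmp_name']) || filesize($file['tmp_name']) > MAX_IMAGE_BYTES) {
        throw new RuntimeException('Not an uploaded file, or too large');
    }
    $bytes = file_get_contents($file['tmp_name']);
    $mime = detect_image_type($bytes);
    if ($mime === null) {
        throw new RuntimeException('Not a JPEG, PNG or GIF');
    }
    return [$bytes, $mime];
}

// Serve bytes read from the imgdata column with a type we decided, not the stored one.
function send_image(string $bytes): void
{
    $mime = detect_image_type($bytes);
    if ($mime === null) {
        http_response_code(415);
        return;
    }
    header('Content-Type: ' . $mime);
    header('X-Content-Type-Options: nosniff'); // stop browsers second-guessing the type
    header('Content-Length: ' . strlen($bytes));
    echo $bytes;
}

if (PHP_SAPI === 'cli') { // constructed samples, run from the command line
    var_dump(detect_image_type("GIF89a\x01\x00\x01\x00\x00\x00\x00;"));
    var_dump(detect_image_type('<html><body>not an image</body></html>'));
}
```

In the registration script, `read_uploaded_image($_FILES['userfile'])` would replace the direct use of `$_FILES['userfile']['type']`, and the viewing script would call `send_image($file_data['imgdata'])` before any other output.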
  • nuhorizon
  • Student
  • Student
  • nuhorizon
  • Posts: 68

Post 3+ Months Ago

i changed both of those, still nothing...
hm.

Post Information

  • Total Posts in this topic: 21 posts