0

I'm trying to display an image stored in mysql database. I store it this way:

if (isset($_SESSION['mod']) && (isset($_GET['upload'])) ) {
    if (isset($_FILES['image'])  && $_FILES['image']['size'] > 0) { 

    $con = mysql_connect("localhost", "root");
    mysql_select_db("psi", $con);

      // Temporary file name stored on the server
      $tmpName  = $_FILES['image']['tmp_name'];  

      // Read the file 
      $fp      = fopen($tmpName, 'r');
      $data = fread($fp, filesize($tmpName));
      $data = addslashes($data);
      fclose($fp);

      //now i use <tmpName> as an actual name of file
      $tmpName  = $_FILES['image']['name'];  
      if (isset($_GET['name']))
        $tmpName = $_GET['name'];

        $uname = $_SESSION['uname'];
        $idObj = mysql_query("SELECT id_object AS id FROM tobject WHERE uname = '$uname'");
        $idObj = mysql_fetch_assoc($idObj);
        $idObj = $idObj['id'];

      // Create the query and insert
      // into our database.
      $query = "INSERT INTO slike ";
      $query .= "VALUES ('', '$idObj', '$data', '$tmpName')";
      $results = mysql_query($query, $con);

      // Print results
      print "Thank you, your file has been uploaded.";

}
else {
   print "No image selected/uploaded";
}

}

I suppose this is ok.. It does store something in db (appropriate size), but I can't see what it is manually.. So, when I try to fetch it with this code:

else if (isset($_GET['idSlike'])) {
$idSlike = $_GET['idSlike'];

    $con = mysql_connect("localhost", "root");
    mysql_select_db("psi", $con);

$res = mysql_query("SELECT slika FROM slike WHERE id_slika = '$idSlike'");
if (!$res) {
    die("greska: " . mysql_error());
};

$slika = mysql_fetch_array($res);
$slika = $slika['slika'];
header('Content-Type: ' . $slika['mimetype']);
echo $slika;
}

note: both storing and getting images from db are in same file (image.php)...

I don't get anything... I tried displaying it with: 

<img src="image.php?idSlike=10"/>

i hardcoded ids but they exist in db

i also tried with

echo "<img src=\"image.php?idSlike=13\">";

through another php file but all i get is an empty image (with correct src)

I'm using xampp (mysql 5.5.16; PHP 5.3.8)...

Improve this question
3
  • Beside your problem stated in your question; take a look at SQL injection. Your script is vulnerable for it! Commented May 10, 2012 at 16:45
  • thanks for the mention.. i look into it.. :) Commented May 10, 2012 at 16:59
  • Please don't use mysql_* functions in new code. They were removed from PHP 7.0.0 in 2015. Instead, use prepared statements via PDO or MySQLi. See Why shouldn't I use mysql_* functions in PHP? for more information. Commented May 10, 2012 at 17:40

1 Answer 1

Reset to default
1

Turn on notices and warnings in your development environment with:

ini_set("display_errors", 1);
error_reporting(E_ALL);

You're doing things that are non-sensicle (and PHP will tell you about it if you let it):

$slika = mysql_fetch_array($res);
$slika = $slika['slika'];
header('Content-Type: ' . $slika['mimetype']); // <-- $slika is a string not an array
echo $slika; // <-- if $slika is an array here, you can not echo is like this
Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

i'm pretty much a noob in this area, so a proper explanation of echo-ing arrays would be nice... i thought that because of: $slika = $slika['slika']; i'm accessing BLOB directly...
No, mysql_fetch_array will fetch an array of strings, they are always strings. If you want to turn it into an object you will have to unserialize it with the appropriate method (which is the reverse method of whatever you used to serialize it with).
btw, that php file when accessed directly with idSlike set does output something.. but it's just some garbage, changing it's type to jpg and then trying to open it results in non readable data...
i'm not sure if i even serialize it... all i do is addslashes before store it in db... stripslashes or unserialize don't make any difference...

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.