
I have read many topics concerning this matter, but I still have the same problem. I can't understand the logic yet, I think.

So I have an image stored in one of my folders on my system and I also have the image's path registered in my database. I simply want to allow users to enter the image's title in a search form and, after they press OK, I want the specific image to be displayed.

So far I have found code like: echo '';

and it works fine for other people, but not for me.

My code is the following:

<?php
$con = mysql_connect("localhost","root","");

if (!$con)
{
die('Could not connect: ' . mysql_error());
} 

mysql_select_db("photoshare", $con);



$Title = $_POST['Title'];
$Creator = $_POST['Creator']; 



$result = mysql_query("SELECT path FROM images WHERE Title = '$Title' OR Creator = '$Creator'");



echo '<img src="' . $result . '" />'; 


//some code
mysql_close($con);
?>

So the problem is that no image is being displayed. On the other hand, the broken-image icon is being displayed. If I got it right, the error occurs because I don't put what my HTTP must see or something like that. I really haven't understood it yet.

Any help would be appreciated :)

Thank you both, but the same thing happens :/ My upload file is the following, I hope it helps:

<?php
$con = mysql_connect("localhost","root","");

if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("photoshare", $con);


$Image_Title = $_POST['Image_Title'];
$Image_Creator = $_POST['Image_Creator'];
$Image_Date = $_POST['Image_Date'];
$Image_Genre = $_POST['Image_Genre'];



if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 50000000))
  {
  if ($_FILES["file"]["error"] > 0)
    {
    echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
    }
  else
    {
    echo "Upload: " . $_FILES["file"]["name"] . "<br />";
    echo "Type: " . $_FILES["file"]["type"] . "<br />";
    echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
    echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

    if (file_exists("../photo_album/" . $_FILES["file"]["name"]))
      {
      echo $_FILES["file"]["name"] . " already exists. ";
      }
    else
      { 
      move_uploaded_file($_FILES["file"]["tmp_name"],
      "../photo_album/" . $_FILES["file"]["name"]);
      echo "Stored in: " . "../photo_album/" . $_FILES["file"]["name"];
      $path = "photo_album/" . $_FILES["file"]["name"];
      $query = "INSERT INTO images (title, creator, date, genre, path)
      VALUES ('$Image_Title', '$Image_Creator', '$Image_Date', '$Image_Genre', '$path')";     
      }
    }
  }
else
  {
  echo "Invalid file";
  }

 if (!mysql_query($query, $con)) {
    die("Error " . mysql_error());
}

?>
  • Can you just inspect the element and check whether the path is right? Also, can you paste the path you are storing in the database? Commented Jul 4, 2012 at 14:04
  • SQL Injection alert! Please go ahead and read this question on how to fix it before going further. Commented Jul 4, 2012 at 14:08
  • mysql_query returns a resource for a select query, from which you need to extract the result using functions like mysql_fetch_assoc() or mysql_fetch_array(). If you are beginning with PHP, consider using functions like print_r() and var_dump() for debugging, and also use tools like Firebug to lighten your work on the front end. Commented Jul 4, 2012 at 14:09
  • Can you look at the contents of the path column and see where it points? Also, is the script that shows the image in the same directory as the photo_album directory? You might need to change your path to have a ../ Commented Jul 4, 2012 at 14:20
  • What do you mean, where it points? Commented Jul 4, 2012 at 14:24

2 Answers

You are executing the query, but you must also retrieve the result as an array or as an object.

<?php
mysql_select_db("photoshare", $con);

// Use mysql_real_escape_string to protect yourself from SQL injection
$Title = mysql_real_escape_string( $_POST['Title'] );
$Creator = mysql_real_escape_string( $_POST['Creator'] );  

$result = mysql_query("SELECT path FROM images WHERE Title = '$Title' OR Creator = '$Creator'");

$row = mysql_fetch_assoc( $result );

echo '<img src="' . $row['path'] . '" />';

Also, you are not escaping your input, which opens you up to CRITICAL security vulnerabilities. Use mysql_real_escape_string() on any user-supplied input to avoid this.

Finally, the mysql extension is deprecated and you should avoid using it (The PHP.net docs list it as deprecated). Please consider using PDO instead. Here is your code rewritten using PDO:

<?php
$con = new PDO( 'mysql:host=localhost;dbname=photoshare', 'root', '' );

if ( ! $con ) {
    die( 'Could not connect to the database' );
}

$stmt = $con->prepare( "SELECT path FROM images WHERE Title = :title OR Creator = :creator" );
$stmt->bindParam( ':title', $_POST['Title'] );
$stmt->bindParam( ':creator', $_POST['Creator'] );
$stmt->execute();

// Do this to output all found images
while ( $row = $stmt->fetch( PDO::FETCH_ASSOC ) ) {
    echo '<img src="' . htmlentities( $row['path'] ) . '" />'; 
}

// OR do this to output only one image
$row = $stmt->fetch( PDO::FETCH_ASSOC );
echo '<img src="' . htmlentities( $row['path'] ) . '" />'; 
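
The difference between the interpolated query from the question and a prepared statement, as an added example that is not part of the original answer. It runs against an in-memory SQLite database with constructed rows (this assumes the `pdo_sqlite` extension is available), and the function names are hypothetical.

```php
<?php
// Added example. Constructed data in an in-memory SQLite database
// (assumes pdo_sqlite); the table mirrors the page's `images` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE images (Title TEXT, Creator TEXT, path TEXT)');
$pdo->exec("INSERT INTO images VALUES
    ('Sunset', 'alice', 'photo_album/sunset.jpg'),
    ('Harbour', 'bob', 'photo_album/harbour.jpg')");

// "Before": the question's query, with the form values pasted into the SQL text.
function findPathsInterpolated(PDO $pdo, string $title, string $creator): array
{
    $sql = "SELECT path FROM images WHERE Title = '$title' OR Creator = '$creator'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// "After": placeholders keep the values out of the SQL text entirely.
function findPathsPrepared(PDO $pdo, string $title, string $creator): array
{
    $stmt = $pdo->prepare(
        'SELECT path FROM images WHERE Title = :title OR Creator = :creator'
    );
    $stmt->execute([':title' => $title, ':creator' => $creator]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Render each stored path as an <img> tag, escaped for an HTML attribute.
function renderImages(array $paths): string
{
    $html = '';
    foreach ($paths as $path) {
        $html .= '<img src="' . htmlspecialchars($path, ENT_QUOTES, 'UTF-8') . '" />' . "\n";
    }
    return $html;
}

// Constructed form input: a title containing a quote and SQL keywords.
$title = "nothing' OR '1'='1";
$creator = '';

// Interpolated: the input rewrites the WHERE clause, so every row matches.
echo count(findPathsInterpolated($pdo, $title, $creator)), " row(s) from interpolated query\n";
// Prepared: the whole string is compared as a title, so no row matches.
echo count(findPathsPrepared($pdo, $title, $creator)), " row(s) from prepared query\n";
// A legitimate search still works and renders one tag.
echo renderImages(findPathsPrepared($pdo, 'Sunset', ''));
```

With `PDO::ERRMODE_EXCEPTION` set, a failed connection or query throws instead of returning a value that has to be tested.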

17 Comments

@Random You don't downvote people for making a simple mistake, you edit the posting or make a comment. I assume the downvote was so your answer would get higher up, which is an extremely poor attitude.
I removed the downvote, but that was not a simple mistake; for OP it was a deviating answer.
executing your code gives me this: Notice: Undefined variable: dbh in C:\xampp\htdocs\retalis\searchImages.php on line 8 Fatal error: Call to a member function prepare() on a non-object in C:\xampp\htdocs\retalis\searchImages.php on line 8
@user1501764 Ooops, sorry. Fixed it
Warning: PDOStatement::execute() [pdostatement.execute]: SQLSTATE[HY093]: Invalid parameter number: parameter was not defined in C:\xampp\htdocs\retalis\searchImages.php on line 11 gosh :( thanks for your patience though :)
    <?php
    $con = mysql_connect("localhost","root","");

    if (!$con)
    {
    die('Could not connect: ' . mysql_error());
    } 

    mysql_select_db("photoshare", $con);


    $Title = mysql_real_escape_string( $_POST['Title'] );
    $Creator = mysql_real_escape_string( $_POST['Creator'] );



    $result = mysql_query("SELECT path FROM images WHERE Title = '$Title' OR Creator = '$Creator'");
    $row=mysql_fetch_assoc($result);


    echo '<img src="' . $row['path'] . '" />'; 


    //some code
    mysql_close($con);
    ?>
