1

I am trying to read multiple image files from a folder (.htaccess protected) and display in a HTML page using php readfile().

The problem is I can see only the first image is read and the next is not shown in the browser. The code is as below

<?php
$image1 = 'files/com_download\256\50\www\res\icon\android\icon-36-ldpi.png';
$image2 = 'files/com_download\256\50\www\res\icon\android\icon-48-mdpi.png';

$imginfo = getimagesize($image1);
header("Content-type: ".$imginfo['mime']);
readfile($image1);

$imginfo = getimagesize($image2);
header("Content-type: ".$imginfo['mime']);
readfile($image2);
?>

I could see the first image 'icon-36-ldpi.png' successfully read and displayed in the browser and the second image is not read and not displayed in the browser.

Am I missing something? Any advice please.

Sorry if I am doing stupid but the requirement is to read multiple image files and render in the browser like a grid view. I cannot use img tag because of security reasons.

Improve this question
3
  • Have you tried swapping your code around and putting the $image2 first - then you'll at least narrow down if its a problem with the image itself or with your code. Commented Nov 27, 2014 at 23:37
  • @Bradley4 If $image2 is first then it is only is getting displayed. No problem with the images. Commented Nov 27, 2014 at 23:39
  • What do you want to display in browser. The content itself or the result of the content rendered by browser.Like if you want to display the image in browser, then why you not trying to add and IMG tag in your htm with src. Commented Nov 28, 2014 at 5:19

1 Answer 1

Reset to default
1

You can't dump both images out at once. Why not make two images in your html so the browser makes two calls to your script. Then use a GET param to pass the filename you want to display.

---Edit---

Important Security Note

There is an attack vector which you open up when doing soething like this. Someone could easily view your source html and change the parameter to get your image script to output any file they want. They could even use "../../" to go up directories and search for well known files that exist. e.g. "../../../wp_config.php". Now the attacker has your wordpress database credentials. The correct way to prevent against this is to always validate the input parameter properly. For example, only output if the file name ends with ".jpg"

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

@phil-1984 Sorry I couldnt understand your answer fully. Could you please elaborate your answer so that I can give a try.
Can you paste your html please. I will show you what i mean.
@phil-1984 - I got your answer. What I made was created two img tags in my html and for each img tag I link the src to the php file which reads the image file using readfile. I passed the name of the image as one of the URL parameter so that the php file can GET it and read the correct file. Thanks.
Exactly. I just thought of some security hole which you might open up when doing this. You should at least be aware of it. I have updated my answer.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.