#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    14
    Rep Power
    0

    Php image display


    Hello guys.
    I have a question about displaying images. I have a user profile page, where I have all the information about the user and his profile picture. When I searched the internet for how to display an image from the database I found two solutions.

    1) <img src=image.php?id='$id'>";

    But this means I have to have two queries. One for user info and one for the image. Or do I?

    2) <img src="data:image_type;base64,'.base64_encode(image_data).'" />

    This is the solution I've used, because now I only need one query.

    The question is, is this solution OK? Is there any other better way to display images from the database? Are there any security issues?

    Thanks for all your help
  2. #2
  3. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    18
    Rep Power
    0
    Sorry, for wrong code.

    Comments on this post

    • ttremain disagrees : Not what the OP was asking... He was asking for pros and cons, not "how".
    • Jacques1 disagrees : Lots of security holes, obsolete code. This is not good advice.
  4. #3
  5. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    No, that's not how to do it. RajaGa, please don't hand out code without a basic understanding of security and modern PHP ("modern" meaning post 2000).

    This code is fundamentally broken and vulnerable to all kinds of attacks. It can be used to capture the whole server. Seriously.

    I understand that you just wanted to help and that you're still learning PHP yourself. But when your "solution" does more harm than good, it's not really helpful.



    @ AndiAndi:

    Why so complicated? When every user has at most one image, simply use the member ID as the file name and store the images in a folder outside of the document root (for security). Make a simple script to fetch the image for a particular user.

    No fumbling with the database needed.
    The 6 worst sins of security • How to (properly) access a MySQL database with PHP

    Why can't I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
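
An added example, not from the thread, of the fetch script this post describes: it sits inside the document root, reads images stored outside it, and sends an ETag so browsers can cache the result. The directory path, the `id` parameter and the `<member id>.jpg` naming are assumptions.

```php
<?php
// image.php: lives inside the document root; the images do not.
// Assumed layout (hypothetical): /var/www/private/profile_pictures/<member id>.jpg
declare(strict_types=1);

const IMAGE_DIR = '/var/www/private/profile_pictures';
const ALLOWED_TYPES = ['image/jpeg', 'image/png', 'image/gif'];

function resolve_image_path($rawId, string $dir): ?string
{
    // Accept only a plain positive integer, so the value can never
    // contain "/", ".." or a NUL byte.
    if (!is_string($rawId) || !preg_match('/\A[1-9][0-9]{0,9}\z/', $rawId)) {
        return null;
    }
    $path = $dir . '/' . $rawId . '.jpg';
    return is_file($path) ? $path : null;
}

function serve_image(string $path): void
{
    // Take the type from the file content, not from the file name.
    $type = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if (!in_array($type, ALLOWED_TYPES, true)) {
        http_response_code(404);
        return;
    }
    $etag = '"' . filemtime($path) . '-' . filesize($path) . '"';

    header('ETag: ' . $etag);
    header('Cache-Control: private, max-age=3600');
    header('X-Content-Type-Options: nosniff');

    // Let the browser reuse its cached copy when nothing changed.
    if (($_SERVER['HTTP_IF_NONE_MATCH'] ?? '') === $etag) {
        http_response_code(304);
        return;
    }
    header('Content-Type: ' . $type);
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

$path = resolve_image_path($_GET['id'] ?? null, IMAGE_DIR);
if ($path === null) {
    http_response_code(404);
    exit;
}
serve_image($path);
```
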
  6. #4
  7. No Profile Picture
    Lost in code
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 2004
    Posts
    8,317
    Rep Power
    7170
    The second solution has several disadvantages:
    1) It can't be cached
    2) IE doesn't have full support for it until v9
    3) It will consume more bandwidth (above the extra required because it can't be cached) because base64 encoding increases the size of the image
    PHP FAQ

    Originally Posted by Spad
    Ah USB, the only rectangular connector where you have to make 3 attempts before you get it the right way around
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2005
    Location
    Vancouver, WA, USA
    Posts
    397
    Rep Power
    189
    I had not even noticed RajaGa's putting the $_GET var directly into the query without cleaning it. I just saw the overall "solution" and knew it wasn't what was being looked for. I would also like to suggest the large font is annoying, and it should be wrapped in PHP tags to be displayed in the forum.

    Storing as a file certainly could be easier.

    That said, one additional query is not going to hurt anything... And the image might then be cached by the viewer. To embed in a link forces the viewer to download the image every time.

    I've often thought about using that method in an email though, to see if I can get around mail readers that don't download images, but I've always guessed it's not supported in some mail readers.
    Thomas Tremain
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    14
    Rep Power
    0
    Thanks for the help guys. One more question. Should the file with the script that fetches the images be outside the root too?
  12. #7
  13. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    14
    Rep Power
    0
    Hei no problem. We are all learning
  14. #8
  15. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    14
    Rep Power
    0
    Np. We are all learning
  16. #9
  17. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    18
    Rep Power
    0
    Happy Php..
  18. #10
  19. No Profile Picture
    Lost in code
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 2004
    Posts
    8,317
    Rep Power
    7170
    Should the file with the script that fetches the images be outside the root too?
    No; if it's outside the root you won't be able to access it.
  20. #11
  21. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    14
    Rep Power
    0
    Hello Guys. Thank you for your help. I did how you said, I moved everything off the root and changed the code.
    I am saving images now into a folder on the server and just storing the image type into the base (jpeg, jpg...).
    But I have one problem.
    I am saving an original file (which the user uploads) which I resize to 150x150 and then I have to resize one more time to 50x50 because I need a little picture for something on my website.
    However, with this code, everything works fine for the original image, which actually gets resized and saved onto the server at 150x150, but the smaller image doesn't get saved and I don't know what the problem is.
    This is the code:
    PHP Code:
    if(isset($_FILES['file']['type']) && isset($_FILES['file']['name'])){
        if (is_uploaded_file($_FILES["file"]["tmp_name"])) {
            $filetype = $_FILES['file']['type'];
            $filename = $_FILES['file']['name'];
            $allowedExts = array("jpg", "png", "gif");
            $extension = end(explode(".", $filename));
            if ($filetype == "image/gif" || $filetype == "image/jpeg" || $filetype == "image/jpg" || $filetype == "image/x-png" || $filetype == "image/png" && in_array($extension, $allowedExts)){
                if($_FILES["file"]["size"] < 2000000){
                    if (!$_FILES["file"]["error"] > 0){
                        $src = ($_FILES['file']['tmp_name']);
                        list($width,$height)=getimagesize($src);
                        if($width>149 && $height>149){
                            $filesize = $_FILES['file']['size'];
                            // e.g. "image/png" becomes "/png"
                            $extension2 = strtolower(strrchr($filetype, '/'));
                            switch($extension2){
                                case '/jpg':
                                case '/jpeg':
                                    $img_r = @imagecreatefromjpeg($src); break;
                                case '/gif':
                                    $img_r = @imagecreatefromgif($src); break;
                                case '/png':
                                case '/x-png':
                                    $img_r = @imagecreatefrompng($src); break;
                                default:
                                    $img_r = false; break;
                            }
                            if($img_r){
                                $dst_r = imagecreatetruecolor(150, 150);
                                $dst_r_comment = imagecreatetruecolor(50, 50);
                                $original_aspect = $width / $height;
                                if($original_aspect >= 1){ $new_height = 150; $new_width = $width / ($height / 150); }
                                else{ $new_width = 150; $new_height = $height / ($width / 150); }
                                // centre-crop the upload to 150x150, then shrink that to 50x50
                                imagecopyresampled($dst_r, $img_r, 0 - ($new_width - 150) / 2, 0 - ($new_height - 150) / 2, 0, 0, $new_width, $new_height, $width, $height);
                                imagecopyresampled($dst_r_comment, $dst_r, 0, 0, 0, 0, 50, 50, 150, 150);
                                $src2 = $src.'_thumb';
                                // write both sizes next to the temporary upload file
                                switch($extension2){
                                    case '/jpg':
                                    case '/jpeg':
                                        imagejpeg($dst_r, $src, 100); imagejpeg($dst_r_comment, $src2, 100); break;
                                    case '/gif':
                                        imagegif($dst_r, $src); imagegif($dst_r_comment, $src2); break;
                                    case '/png':
                                    case '/x-png':
                                        imagepng($dst_r, $src, 0); imagepng($dst_r_comment, $src2, 0); break;
                                }
                                // remove the previous picture and thumbnail, whatever their extension
                                if (file_exists('../profile_pictures/'.$_SESSION['username'].'.jpg')){unlink('../profile_pictures/'.$_SESSION['username'].'.jpg');}
                                else if (file_exists('../profile_pictures/'.$_SESSION['username'].'.jpeg')){unlink('../profile_pictures/'.$_SESSION['username'].'.jpeg');}
                                else if (file_exists('../profile_pictures/'.$_SESSION['username'].'.gif')){unlink('../profile_pictures/'.$_SESSION['username'].'.gif');}
                                else if (file_exists('../profile_pictures/'.$_SESSION['username'].'.png')){unlink('../profile_pictures/'.$_SESSION['username'].'.png');}
                                else if (file_exists('../profile_pictures/'.$_SESSION['username'].'.x-png')){unlink('../profile_pictures/'.$_SESSION['username'].'.x-png');}
                                if (file_exists('../profile_pictures/'.$_SESSION['username'].'_thumb.jpg')){unlink('../profile_pictures/'.$_SESSION['username'].'_thumb.jpg');}
                                else if (file_exists('../profile_pictures/'.$_SESSION['username'].'_thumb.jpeg')){unlink('../profile_pictures/'.$_SESSION['username'].'_thumb.jpeg');}
                                else if (file_exists('../profile_pictures/'.$_SESSION['username'].'_thumb.gif')){unlink('../profile_pictures/'.$_SESSION['username'].'_thumb.gif');}
                                else if (file_exists('../profile_pictures/'.$_SESSION['username'].'_thumb.png')){unlink('../profile_pictures/'.$_SESSION['username'].'_thumb.png');}
                                else if (file_exists('../profile_pictures/'.$_SESSION['username'].'_thumb.x-png')){unlink('../profile_pictures/'.$_SESSION['username'].'_thumb.x-png');}
                                // move both files into the profile picture folder
                                move_uploaded_file($src, '../profile_pictures/'.$_SESSION['username'].'.'.$extension);
                                move_uploaded_file($src2, '../profile_pictures/'.$_SESSION['username'].'_thumb.'.$extension);
                                unlink($src2);
                                imagedestroy($dst_r);
                                imagedestroy($dst_r_comment);
                                if($database->uploadPicture($extension)){
                                    header('Location: index.php');
                                }
                                else{ return 'Error!';}
                            }
                            else{ return 'Error';}
                        }
                        else{return 'Error';}
                    }
                    else{return 'Error';}
                }
                else{return 'Error';}
            }
            else{return 'Error';}
        }
        else{return 'Error';}
    }
    Thank you for your help.
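
Added example, not part of the original post: `move_uploaded_file()` only moves files that PHP received through an HTTP upload, so it returns false for a `_thumb` file the script created itself, which is why the small image never reaches the folder. The function below writes both sizes directly to their final paths and takes the image type from the file content; the function name, the integer member ID, the destination directory and the JPEG-only output are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper. $tmpPath is $_FILES['file']['tmp_name'], $destDir a
// directory outside the document root, $memberId the logged-in member's ID.
function save_profile_picture(string $tmpPath, string $destDir, int $memberId): bool
{
    if (!is_uploaded_file($tmpPath)) {
        return false;
    }
    // Decide the format from the file content. $_FILES['file']['type'] and
    // the original file name are chosen by the client.
    $info = @getimagesize($tmpPath);
    if ($info === false) {
        return false;
    }
    [$width, $height, $kind] = $info;
    // Lower bound from the post; the upper bound is an assumed memory guard.
    if (min($width, $height) < 150 || max($width, $height) > 6000) {
        return false;
    }
    $loaders = [
        IMAGETYPE_JPEG => 'imagecreatefromjpeg',
        IMAGETYPE_PNG  => 'imagecreatefrompng',
        IMAGETYPE_GIF  => 'imagecreatefromgif',
    ];
    if (!isset($loaders[$kind])) {
        return false;
    }
    $source = @$loaders[$kind]($tmpPath);
    if ($source === false) {
        return false;
    }
    // Centre-crop the source to a square and scale it to 150x150.
    $side  = min($width, $height);
    $large = imagecreatetruecolor(150, 150);
    imagecopyresampled($large, $source, 0, 0,
        intdiv($width - $side, 2), intdiv($height - $side, 2),
        150, 150, $side, $side);
    // Derive the 50x50 thumbnail from the 150x150 image.
    $small = imagecreatetruecolor(50, 50);
    imagecopyresampled($small, $large, 0, 0, 0, 0, 50, 50, 150, 150);

    // Re-encode both as JPEG straight to their final paths. These files are
    // created by the script, so move_uploaded_file() does not apply to them.
    $base = rtrim($destDir, '/') . '/' . $memberId;
    return imagejpeg($large, $base . '.jpg', 90)
        && imagejpeg($small, $base . '_thumb.jpg', 90);
}
```

Because every picture is re-encoded to one format under a name built from an integer, the chain of `unlink()` calls per extension is no longer needed: a new upload overwrites the old pair.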
