images cannot diplay

Question

i have upload the images in databases but when i want to display it the images cannot display..i don't know why it cannot display..maybe have something wrong in my coding..can you please help me??

upload.php

<?php

$id = $_POST['account'];
$code = $_POST['code'];
$price = $_POST['price'];

echo $file = $_FILES['image']['tmp_name'];
if (!isset($file))
  echo "Please select an image.";
else
{
 $image = addslashes (file_get_contents($_FILES['image']['tmp_name']));
 $image_name = addslashes ($_FILES['image']['name']);
 $image_size = getimagesize($_FILES['image']['tmp_name']);

 if($image_size==FALSE)
  echo "That's not an image.";
else
{
if (!$insert = mysql_query("INSERT INTO menu 
    VALUES('$code','$price','$image','$id')"))
echo "Problem uploading images.";
else
{
  $lastid = $code;
  echo "Image uploaded.<p />Your image:<p /><img src=get.php?id=$lastid>";
}

   }
 }
 ?>

get.php

 <?php
 $con = mysql_connect("localhost","root","");
 if (!$con)
 {
 die('Could not connect: ' . mysql_error());
 }

 mysql_select_db("food", $con);


 $id = addslashes($_REQUEST['FoodId']);

 $image = mysql_query("SELECT * FROM menu WHERE FoodId=$id");
 $image = mysql_fetch_assoc($image);
 $image = $image['image'];

 header("Content-type: image/jpeg");

 echo $image;
 ?>

Why do you store the image contents in the database? what's the type of the column that holds the image? — Vlad Balmos, Sep 19 '12 at 13:29
remove the `addslashes` function when getting the image content. The binary data should be inserted without alteration for the image to be displayed corectly — Vlad Balmos, Sep 19 '12 at 13:38

score 2 · Answer 1 · edited May 23 '17 at 12:12

1) Remember little Bobby tables; always sanitize input into a database.

2) Don't use the old mysql_* functions, they are insecure and depreciated (see the red box here). Instead look at using PDO or MySQLi, they don't take long to learn and are, imho, much better in every regard, including ease of use once you're used to them.

3) It's much better to save your images on the server and only store the image url in the database. This is for a number of reasons; not least that if you allow users to upload huge images, by the time you have more than a handful of images, your database is going to be several Gb in size and very slow to read, and even harder to backup regularly.

Uploading a file to your server: How to upload & Save Files with Desired name

Then you only need to store the filename in your database. You can then retrieve the filename from the database and simply add it to an img tag in your app when you want to display that image.

Which bit? the PDO/mySQLi, or the PHP - How to upload & Save Files with Desired name link, or the fetching the url from the database? — Stu, Sep 19 '12 at 13:51

Nomistake · Answer 2 · 2012-09-24T19:27:10.493

0

Why dont you close your img element?

Also beter to get you var out of the string:

echo "Image uploaded.<p>Your image:</p><img src=\"get.php?id=$lastid\" />";

edited Sep 24 '12 at 19:27

answered Sep 19 '12 at 13:29

Nomistake

893
2
17
32

CᴴᵁᴮᴮʸNᴵᴺᴶᴬ · Accepted Answer · 2012-09-25T08:27:26.797

Please confirm by manually looking through your DB that the image has been stored successfully, and infact is readable?, post the contents of the stored image.

FYI, it is usually better to store the image in a folder on your server, rather than in the DB and just store the path to the image in the DB.

If you wanted to store path to image, something like this would work:

<?php

$id = mysql_real_escape_string($_POST['account']);
$code = mysql_real_escape_string($_POST['code']);
$price = mysql_real_escape_string($_POST['price']);

$allowedExts = array("jpg", "jpeg", "gif", "png");
if(!isset($_FILES))
{
    die('No Image Uploaded - Please check form enctype="multipart/form-data".');
}
$fileinfo = pathinfo($_FILES['image']['name']);
$extension = $fileinfo['extension'];
if(!in_array($extension,$allowedExts))
{
    die('Invalid file type.');
}
$file   = '/uploadedimages/' . uniqid() .'.'. $extension;
if(!move_uploaded_file($_FILES['image']['tmp_name'], $_SERVER['DOCUMENT_ROOT'] . $file))
{
    die('Problem Storing Image in folder /uploadedimages/ - Please check folder exists and is writable.');
}

$insert = mysql_query("INSERT INTO menu VALUES('$code','$price','$file','$id')");
if(!$insert)
{
    die('Problem adding to db.');
}
/*
the following two echos demostrate two methods of showing the image, 
the first adds the variable by splitting the string and rejoining it,
the second nests the image inside the variable without the need to edit it.

The difference is the single and double quotes, single quotes take any content 
inside them as litteral, meaning 
    $string = "hello";
    $new_string = '$string Dave.';
    will print $string Dave. Not hello Dave.
Double quotes will accept variables and add the content they hold.
    $string = "hello";
    $new_string = "$string Dave.";
    will print hello Dave.
*/
echo 'Image Uploaded.<p>Your Image</p><img src="' . $file . '" />';

echo "Image Uploaded.<p>Your Image</p><img src=\"$file\" />";

the folder is /uploadedimages/ and would need to be write enabled (chmod777)

Calling from another file; You can call the image anytime from the DB with the query you used before;

$res = mysql_query("SELECT * FROM menu WHERE FoodId=$id");
$row = mysql_fetch_assoc($res);
$image = $row['image'];
?>
<img src="<?=$image?>" />

Obviously the $id is something you have already defined on the php page.

EDIT: The edit made by someone else to me post was unnecessary - there is nothing wrong with using single quotes with variables and it clearly shows where you are adding variables in. If you wanted to show how to use double quotes you should give both options available and explain the difference. Your edit was tacky and badly written, adding a space after the double quote.

i don't understand what chmod777?? and in my database what data type i must use to save that images?? BLOB or what?? — user1683166, Sep 19 '12 at 13:52
You can use varchar(70). chmod777 sets the directory you're storing the images in writable, otherwise it will not get written. You can do this in your FTP application usually by right clicking on the folder and changing permissions, and ticking all options write read execute — CᴴᵁᴮᴮʸNᴵᴺᴶᴬ, Sep 19 '12 at 13:54
I am making the assumption you're on a linux webserver - the chmod only applies to linux, there is a windows equivalent though. — CᴴᵁᴮᴮʸNᴵᴺᴶᴬ, Sep 19 '12 at 13:56
Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move 'C:\wamp\tmp\php952.tmp' to 'C:/wamp/www//uploadedimages/5059d021107ba.jpg' in C:\wamp\www\Web Staf\phpHidangan.php on line 56 — user1683166, Sep 19 '12 at 14:05
Ok this is because you are on windows, and a subfolder, so i assume you have created the `uploadedimages` folder in `C:\wamp\www\Web Staf\ ` if so, you need to adjust the script above from `$file = '/uploadedimages/' . uniqid() .'.'. $extension;` to `$file = '/Web Staf/uploadedimages/' . uniqid() .'.'. $extension;` — CᴴᵁᴮᴮʸNᴵᴺᴶᴬ, Sep 19 '12 at 14:09
it's work...thank you..but one question i want to ask..how we want to display that images in another file..can you help — user1683166, Sep 19 '12 at 14:15
I have amended the example above to show how to call it from another page, i hope this helps. Please tick as a acceptable answer if I have solved your dilemma. — CᴴᵁᴮᴮʸNᴵᴺᴶᴬ, Sep 19 '12 at 14:18

images cannot diplay

3 Answers3