0

I am doing PHP for the first time and research about this but not joy. Basically, i am trying to get the images from my PHPMyAdmin database and upload it to a webpage that i have created. All the heading and texts are being displayed as intended apart from the image.

Code in which i am getting the images from database

    <?php
        include 'config.php';
        include 'opendb.php';
        $getdestinationdetails = mysql_query("SELECT *
        FROM tbldestinations
        WHERE destinationid = $_GET[destinationid]");
        while($row = mysql_fetch_array($getdestinationdetails))
        {
        echo "<h1>Visit " . $row['destinationname'] . "</h1>".
        "<imgsrc = 'images" . $row['destinationimage'] . "' />"  .
        "<br />
        <br />" .
        $row['destionationdesc'] .
        "<br />
        <br />
        Our holidays include:
        <ul>
            <li>Luxury coach travel from Shipley Town Centre</li>
            <li>Bed and Breakfast at a top hotel</li>
            <li>Free tea and coffee on board your coach</li>
            <li>The services of an experienced courier</li>
            <li>Free complimentary glass of champagne upon arrival at your hotel</li>
        </ul>
        <center><h2>Don't delay, book today!</h2></center>";
        }
        include 'closedb.php';
?>

I tried all the experiments but all in vain. any tips or suggestions would be really appreciated. Thanks in advance

Ankur Sinha
  • 6,473
  • 7
  • 42
  • 73
zain zorro
  • 41
  • 1
  • 4
  • 11
  • 2
    Someone else will probably echo this, but FYI, the `mysql_*` functions are all deprecated and are **going away** soon. – Joseph at SwiftOtter Jan 03 '13 at 02:51
  • 1
    Are the actual image data stored in the database or just their paths? Also ` – Musa Jan 03 '13 at 02:52
  • First, phpmyadmin is a database administration tool, not a database. The database is probably a MySQL database. Second, you have a prime example of a SQL injection vulnerability there. While switching to PDO (which you should do as JMax noted), please start using prepared statements instead of building SQL strings. Third, to address your question: Look at the generated output, I suspect you may be missing a slash in the file path after "images". Also, the "imgsrc" problem mentioned by Musa. – Jan Schejbal Jan 03 '13 at 02:56
  • @JMax is correct, look at the mysqli module as mysql is becoming deprecated. From a beginner's perspective there isn't much difference so no need to avoid it. It looks like you're just getting the image paths out of the database, as opposed to the actual images (which is the right way to do it)... Are you sure you have the paths correct. Right click your web browser and make sure the path listed in the element is the correct path to where your image is stored – mr mojo risin Jan 03 '13 at 02:57
  • Actual images are stored in the database as LONGBLOB data type. Additionally the syntax for image source is corrected but no joy. – zain zorro Jan 03 '13 at 02:58
  • Yep, you won't be able to just output the LONGBLOB into an image source. You need to convert it to base64 and then you can put it into the image. There is a caveat, as it is not 100% supported by all browsers, in my understanding. – Joseph at SwiftOtter Jan 03 '13 at 03:01
  • @ mr mojo risin, do i specify the path where the images is stored in my computer or in PHPMyAdmin? – zain zorro Jan 03 '13 at 03:01
  • 1
    [**Please, don't use `mysql_*` functions in new code**](http://stackoverflow.com/a/14110189/1723893). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [**red box**](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ). – NullPoiиteя Jan 03 '13 at 03:45

1 Answers1

2

If the actual image is stored in the database, you have two options:

  1. Make another script that is designed to just load images from the database. In this script, you will set the header('Content-Type: image/jpeg') (or whatever the type of image that you will display is. Then, you will output the content. This option might not be as preferred, as it takes an extra call to the database (http://stackoverflow.com/questions/5525830/displaying-an-image-stored-in-a-mysql-blob)
  2. A little more risky, for browser compatibility is to base64 encode it and output it directly into the image tag. (http://stackoverflow.com/questions/1207190/embedding-base64-images)

Either option, you will need to still have an <img /> tag on your main page. Option 1 requires a src attribute pointing to the script, including whatever identifiers needed to look up the image in the database (but being very careful about XSS). Option 2 outputs it directly into the image tag, so that is preferable in some respects as well

If it is just a link to an image:

Your above code should work fairly fine, except with this modification:

echo "<h1>Visit " . $row['destinationname'] . "</h1>".
     "<img src=\"images/" . $row['destinationimage'] . "\" />"  .
...

Edit:

What I would do, which would be the easiest is this: in your php file, output your image (assuming it is a jpg), like this:

...
echo '<img src="data:image/jpeg;base64,' . base64_encode($row['destinationimage']) . '" />';
...

The above will actually put the image into the image tag itself, instead of downloading across the internet. I think the hangup here is the fact that you are seeing the image in PHPmyAdmin. When you see the image there, there really is no way to get it out of PHPmyAdmin. I haven't tried it myself, but I would assume that they are doing something similar to what I show you above - just displaying the image in the HTML tag.

Joseph at SwiftOtter
  • 4,276
  • 5
  • 37
  • 55
  • Which one is more easer to do for a beginner like me. Furthermore, it would be very helpful if you could explain me more simpler terms please. I'll really appreciate your efforts. – zain zorro Jan 03 '13 at 03:20