
I am storing thumbnail images in the DB as BLOB data (I hate myself a little already...) and have a site with a staging site living alongside a production site. In the production site, the thumbnails display just fine. In the sandbox, they do not. The files that display them are the same. The databases are now the same (I have both instances pulling data from the same source DB to remove that variable). It is driving me nuts as to why one works, and the other does not. Further, when I was trying to make all the code from the Sandbox live at the production URL, the thumbnails stayed broken.

These two URLs should look the same: http://sandbox.armoryrevival.com/staging/browse/apartments and http://www.armoryrevival.com/browse/apartments

Even more, the source of the images should look the same: http://sandbox.armoryrevival.com/staging/property/lst_thumbnail/315 and http://www.armoryrevival.com/property/lst_thumbnail/315

To review, the image tags call another PHP file whose job it is to display the BLOB data and set the header of the file. Here is that code, which is identical on both sites:

```php
<?php
    $listing_id = requestIdParam();
    $query = "SELECT thumbnail FROM listing WHERE id = $listing_id";

    $result = mysql_query($query, MyActiveRecord::Connection());
    $data = @mysql_fetch_array($result);

    if ( !empty($data["thumbnail"]) ) {
        // Output the MIME header
        header("Content-Type: image/jpeg");
        // Output the image
        echo $data["thumbnail"];
    }
?>
```

There is no new line before the open PHP tag, which I know is a problem when we are setting headers. What else should I look into? I'm pretty stumped by all this and have run out of paths to troubleshoot. The server error logs don't have anything useful to say. Magic Quotes is Off in the config. PHP config can be checked at http://www.armoryrevival.com/gdinfo.php. Any help is appreciated.

J. Hogue
  • 2
    Can you give the output of var_dump($data)? Remove the @ from @mysql_fetch_array() to see if you get any error messages. – Vagabond Apr 01 '14 at 04:10
  • 2
    It's kind of terrifying that you're using `mysql_query` in a production application as that `$listing_id` in your query is just one little mistake away from being a gigantic SQL injection hole. – tadman Apr 01 '14 at 04:17
  • [Why shouldn't I use mysql_* functions in PHP?](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) – Phil Apr 01 '14 at 05:03
  • 1
    There's a 1 byte difference (prod is 5308, sandbox 5309). It looks like a space character at the start of the sandbox output (hex 20). – Phil Apr 01 '14 at 05:08
  • Tadman: I know it looks bad... the requestIdParam() function is used in these cases when the system sets up URLs – it ensures that the ID is an integer so I can avoid injection. – J. Hogue Apr 01 '14 at 13:39
  • Phil: That's great to hear, and a good thing to check. Sets me down the right path I think. I just have to figure out where a space could be getting added to the output in one environment vs. another. – J. Hogue Apr 01 '14 at 13:40
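
A hardened form of the thumbnail script, as an added example that is not part of the original thread: the id is validated and bound through a PDO prepared statement instead of being interpolated into `mysql_query`, and bytes emitted before the image (such as the extra 0x20 noted in the comments) are logged and discarded. The DSN, credentials and the `$_GET['id']` source are assumptions; the table and column names come from the question.

```php
<?php
// Added example, not the site's code; DSN, credentials and $_GET['id'] are assumed.

/** Return the thumbnail BLOB for a listing, or null if the id is invalid or unknown. */
function fetchThumbnail(PDO $pdo, $rawId)
{
    // Accept only a positive integer; anything else is rejected before the DB is touched.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The id is bound as a parameter, so it never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT thumbnail FROM listing WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $blob = $stmt->fetchColumn();
    return ($blob === false || $blob === null || $blob === '') ? null : $blob;
}

/** Send the image, refusing to mix it with bytes emitted earlier in the request. */
function sendThumbnail($blob)
{
    // Unbuffered output already sent: PHP reports the file and line that emitted it.
    if (headers_sent($file, $line)) {
        error_log("thumbnail: output already started at $file:$line");
        return;
    }
    // Buffered output (output_buffering on): stray bytes are still in the buffers.
    // The loop stops if a buffer cannot be removed (ob_get_clean() returns false).
    while (ob_get_level() > 0 && ($stray = ob_get_clean()) !== false) {
        if ($stray !== '') {
            error_log('thumbnail: discarded stray output, hex ' . bin2hex(substr($stray, 0, 32)));
        }
    }
    header('Content-Type: image/jpeg');
    header('Content-Length: ' . strlen($blob));
    echo $blob;
}

$pdo = new PDO('mysql:host=localhost;dbname=example;charset=utf8', 'user', 'password', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
$blob = fetchThumbnail($pdo, isset($_GET['id']) ? $_GET['id'] : null);
if ($blob === null) {
    http_response_code(404);
} else {
    sendThumbnail($blob);
}
```

The logged file and line (or the hex of the discarded bytes) point at the include that emits the extra byte, typically whitespace outside the PHP tags of a file loaded in one environment but not the other.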

0 Answers