Images display blank when retrieving from database php mysql

Question

I have four files:

main.php my html submit form, which submits an image and text with the image
storeinfo.php it sends all my data from the html form to the database it works, my image and text from the form are successfully submitted
image.php fetches the image from the database and has a header function to convert aimagetype into whatever format the image is png, jpeg ect.
show.php fetches all text posted with the images and displays all image with the text, however the images are not displayed instead I get a blank box when an image fails to display.

I can't find my error, I'm guessing it has something to do with the header function in image.php or when I try to display the image with the html img tag in show.php. The upload of the image (which is stored as blob) to the database is successful. Why aren't the images displaying?

Code in order by each page:

main.php the html form

<form enctype="multipart/form-data" action="storeinfo.php" method="POST">

<table border=0 align=center bgcolor=black width=100%>
<tr><td colspan=2><h2>&nbsp</h2></td></tr>
</table>


<table border=0 align=center bgcolor=grey>
<tr><td colspan=2><h2>Animal Information</h2></td></tr>
<tr>
<td>Name</td><td><input type=text name="aname"></td>
</tr>
<tr>
<td>Description</td><td><input type=text name="adetails"></td>
</tr>
<tr>
<td>Photo</td><td><input type=file name="aphoto"></td>
</tr>
<tr>
<td></td><td><input type=submit name="submit" value="Store Information"></td>
</tr>
</table>
</form>

storeinfo.php

<?php
$conn = mysql_connect("localhost","root","");
if(!$conn)
{
echo mysql_error();
}
$db = mysql_select_db("imagestore",$conn);
if(!$db)
{
echo mysql_error();
}
$aname = $_POST['aname'];
$adetails = $_POST['adetails'];
$aphoto = addslashes (file_get_contents($_FILES['aphoto']['tmp_name']));
$image = getimagesize($_FILES['aphoto']['tmp_name']);//to know about image type etc

$imgtype = $image['mime'];

$q ="INSERT INTO animaldata VALUES('','$aname','$adetails','$aphoto','$imgtype')";

$r = mysql_query($q,$conn);
if($r)
{
echo "Information stored successfully";
}
else
{
echo mysql_error();
}
?>

image.php

<?php

$conn = mysql_connect("localhost","root","");
if(!$conn)
{
echo mysql_error();
}
$db = mysql_select_db("imagestore",$conn);
if(!$db)
{
echo mysql_error();
}
$id = $_GET['id'];
$q = "SELECT aphoto,aphototype FROM animaldata where id='$id'";
$r = mysql_query("$q",$conn);
if($r)
{

$row = mysql_fetch_array($r);
$type = "Content-type: ".$row['aphototype'];
header($type);
echo $row['aphoto'];
}
else
{
echo mysql_error();
}

?>

show.php

<?php
//show information


$conn = mysql_connect("localhost","root","");
if(!$conn)
{
echo mysql_error();
}
$db = mysql_select_db("imagestore",$conn);
if(!$db)
{
echo mysql_error();
}

$q = "SELECT * FROM animaldata";
$r = mysql_query("$q",$conn);
if($r)
{
while($row=mysql_fetch_array($r))
{
//header("Content-type: text/html");
echo "</br>";
echo $row['aname'];
echo "</br>";
echo $row['adetails'];
echo "</br>";

//$type = "Content-type: ".$row['aphototype'];
//header($type);

 //$lastid = mysql_insert_id();
// $lastid = $lastid;
 //echo "Your image:<br /><img src=image.php?id=$lastid />";

echo "<img src=image.php?id=".$row['id']." width=300 height=100/>";


}
}
else
{
echo mysql_error();
}


?>

What type are you using to store content in db? Also I am not quite sure that you can save binary content to db like that. — Tomasz, Oct 30 '14 at 21:26
To start you should quote your image source string: `src='image.php?id=".$row['id']."'`. Apart from that you should try to narrow down the problem, what kind of responses are you getting for the images in the net tab of your developers tools, mysql error messages or image content? — jeroen, Oct 30 '14 at 21:26
I'm using id, aname varchar 200, adetails text, BLOB for aimage, aphototype varchar 200 — , Oct 30 '14 at 21:31
I'm not getting any error messages just a default blank image display like whenever an image does not show up. — , Oct 30 '14 at 21:33

score 0 · Answer 1 · answered Oct 30 '14 at 21:33

First of all I found tutorial on how to do the thing that you are trying to do here at: http://www.mysqltutorial.org/php-mysql-blob/

2nd of all you should use mysql_escape_string(file_get_contents($_FILES['aphoto']['tmp_name'])) instead of addshlashes.

Based on those 2 rules you should be able to figure out what is wrong with your code, you can also try with smaller pictures.

score 0 · Answer 2 · edited May 23 '17 at 10:25

There are numerous problems with your code, but the most notable are that you are using the deprecated mysql functions and your code is vulnerable to SQL injection attack.

I've rewritten storeinfo.php and image.php to work with the mysqli extension and use parameter binding to mitigate SQL injection. I'll leave rewriting show.php as an exercise for you.

Note that I've made some assumptions about the structure of your table so you may need to make some adjustments to the SQL code.

storeinfo.php

$aname = $_POST['aname'];
$adetails = $_POST['adetails'];
$aphoto = file_get_contents($_FILES['aphoto']['tmp_name']);
$image = getimagesize($_FILES['aphoto']['tmp_name']);//to know about image type etc
$imgtype = $image['mime'];

$conn = new mysqli("localhost","root","", "imagestore");
if ($conn->connect_errno) {
    echo "Failed to connect to MySQL: (" . $conn->connect_errno . ") " . $conn->connect_error;
}

if (!($stmt = $conn->prepare("INSERT INTO animaldata (aname, adetails, aphoto, aphototype) VALUES(?, ?, ?, ?)"))) {
    echo "Prepare failed: (" . $conn->errno . ") " . $conn->error;
}
if (!$stmt->bind_param("ssbs", $aname, $adetails, $aphoto, $imgtype)) {
    echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
}
$stmt->send_long_data(2, $aphoto);

if (!$stmt->execute()) {
    echo "Insert failed: (" . $conn->errno . ") " . $conn->error;
} else {
    echo "Information stored successfully";
}

image.php

$conn = new mysqli("localhost","root","", "imagestore");
if ($conn->connect_errno) {
    echo "Failed to connect to MySQL: (" . $conn->connect_errno . ") " . $conn->connect_error;
}

if (!($stmt = $conn->prepare("SELECT aphoto, aphototype FROM animaldata where id=?"))) {
    echo "Prepare failed: (" . $conn->errno . ") " . $conn->error;
}
if (!$stmt->bind_param("i", $_GET['id'])) {
    echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
}

if (!$stmt->execute()) {
    echo "Select failed: (" . $conn->errno . ") " . $conn->error;
} else {
    $stmt->bind_result($aphoto, $aphototype);
    $stmt->fetch();

    header("Content-type: ".$aphototype);
    echo $aphoto;
}

Images display blank when retrieving from database php mysql

2 Answers2