Outputing image from mysql database (table)

Question

I have problem with outputing images from my mysql database (table)

I manage to store images into the table but when I try to output it I get some row code into browser.

Here is my output query:

<?php

      $queri_goals = mysqli_query($conn, "SELECT*FROM goals WHERE user_id = {$user_id}");
      while ($goal=mysqli_fetch_array($queri_goals)) {
        $user_id2 = $goal['user_id'];
        $goalname = $goal['goal'];
        $description = $goal['description']; 
        $deadline = $goal['deadline'];
        $image = $goal['image'];



             echo "<tr>
    <td>$user_id2</a></td>
    <td>$goalname</td>
    <td>$description</td>
    <td>$deadline</td>
    <td>$image</td></tr>";

    } echo "</table>";


?>

input query:

   $image =addslashes(file_get_contents($_FILES['goalupload']['tmp_name'])); //$_FILES -> globalna varijabla za filove, u prvu ['ide ime iz forme']['ide koji tip podatka npr name sto je u ovom slucaju upload']
$image_name = addslashes($_FILES['goalupload']['name']);
$image_size = getimagesize($_FILES['goalupload']['tmp_name']);

 //Perform Query
                    mysqli_query($conn, "INSERT INTO goals (user_id, goal, description, deadline, image_name, image) 
                    VALUES('{$user_id}','{$goalname}', '{$description}', '{$deadline}', '{$image_name}', '{$image}')");

                    echo " Your goal is successfully created";  

images are stored like as a binary data BLOB into the table...

Thanks in advance! Denis

Answer 1

There are a lot of things that can be improved here. The most obvious is that while you upload the image you don't actually place the uploaded data anywhere on your filesystem. You do add the image to the database but this is extremely inefficient, and you need to store the data in BLOB format columns on your MySQL, please read How to insert a file in MySQL database? .

By default uploaded files are stored in a temp folder on the server and then deleted as soon as the browser moves on. To save the image you need to take the temporary image and actually define a place to store it, you then take the address of this place you store it . Please read Handing File Uploads on the PHP manaual as a basic start to this process.

storing the data as raw data in the MySQL is possible but complex and inefficient as you need to store it correctly and then when you call the data from the database you need to give it its own header so the browser knows how to handle it, knows that this blob of data is a JPEG image file, for instance.

I highly recommend storing the data itself as a file and simply database storing the reference address to the file.

To display BLOB data:

You need to supply a header that tells the browser what form the data takes, is it a PNG or a JPEG, or a GIF or a HTML file? etc.

BUT your issue then is that you can't supply a PHP header for this information once you've already passed output data to the browser, so really the logical step is to call a separate PHP file (image.php) that can grab this data and give it a correct header.

So:

image.php

/**
Assumed you've already Grabbed data fro MySQL in top of this file.
Also assumed file is a JPEG format
**/
header("Content-type: image/jpeg");
print base64_encode($goal['image']);
exit;

This file is then called by the table so that:

 echo "<tr>
 <td>$user_id2</a></td>
 <td>$goalname</td>
 <td>$description</td>
 <td>$deadline</td>
 <td>image.php</td></tr>";

The image.php file will then act and behave as if it is a JPEG image and will output the picture as directed. (you will need to tell the PHP file while image you want it to output).

Edit: As KIMB-technologies rightly points out, you need to also ensure the image.php file outputs the data with the correct encoding.

Some extra details:

Addsashes() is inappropriate and actuall a security risk used here and should not be used, it is better to use mysqli_real_escape_string as referenced in the PHP manual:

To escape database parameters, DBMS specific escape function (e.g. mysqli_real_escape_string() for MySQL) should be used for security reasons. DBMSes have differect escape specification for identifiers (e.g. Table name, field name) than parameters.

Answer 2

It seems as you output the binary data of the image as string and doesn't tell the browser that it is an image.

You have stored the image as binary data in the database, so you have to base64 encode it first and then you can echo it as inline image.

You also have to tell the browser the MIME type of your image. (e.g. image/png, image/jpg, image/gif)
One way is to store the MIME type in the database on upload. How to get it with PHP:

$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mimetype = finfo_file($finfo, $temp_path_to_file);
finfo_close($finfo);

And now your output code:

<?php

      $queri_goals = mysqli_query($conn, "SELECT*FROM goals WHERE user_id = {$user_id}");
      while ($goal=mysqli_fetch_array($queri_goals)) {
        $user_id2 = $goal['user_id'];
        $goalname = $goal['goal'];
        $description = $goal['description']; 
        $deadline = $goal['deadline'];
        $image = $goal['image'];

        //make binary image data to string
        $image = base64_encode( $image );
        //you have to know the mime type of the image
        // e.g. image/png, image/jpg, image/gif
        $mimetype = 'image/png';

             echo "<tr>
    <td>$user_id2</a></td>
    <td>$goalname</td>
    <td>$description</td>
    <td>$deadline</td>
    <td>
         <img src='data:$mimetype;base64,$image'>
     </td></tr>";

    } echo "</table>";

?>

But as Martin said, it would be a good idea to store the image on the filesystem and only put the path into the database.