2

I'm having an issue using a watermarking script I have. Below is the script:

```php
if (isset($_GET['imgid'])) {
    include "../mysql_connect.php";
    $imgid = $_GET['imgid'];
    $query = "SELECT * FROM img_ref WHERE id='$imgid'";
    $result = mysql_query($query) or die(mysql_error());
    $row = mysql_fetch_array($result);
    $imagesource = "../ajax_uploads/$row[submitter_id]-uploads/$row[filename]";
} else {
    $imagesource =  "../ajax_uploads/" . $_GET['path'];
}
$info = pathinfo($imagesource);
$filetype = $info['extension'];
if($filetype == "gif")  $image = @imagecreatefromgif($imagesource);
if($filetype == "jpg")  $image = @imagecreatefromjpeg($imagesource);
if($filetype == "png")  $image = @imagecreatefrompng($imagesource);
if (!$image) die();
$watermark = @imagecreatefrompng('../images/watermark.png');
// This is the key. Without ImageAlphaBlending on, the PNG won't render correctly.
imagealphablending($image, true);
$imagewidth = imagesx($image);
$imageheight = imagesy($image);
$watermarkwidth =  imagesx($watermark);
$watermarkheight =  imagesy($watermark);
$startwidth = (($imagewidth - $watermarkwidth)/2);
$startheight = (($imageheight - $watermarkheight)/2);
imagecopy($image, $watermark,  $startwidth, $startheight, 0, 0, $watermarkwidth, $watermarkheight);
imagejpeg($image);
imagedestroy($image);
imagedestroy($watermark);
```

Now, if I pass a 'path' variable through, everything works fine and the image is displayed correctly as I would imagine. However, when I attempt to pass through an imgid value, and retrieve the path from the database, the image is presented in raw data on the screen - not as an image.

I have tried specifying the headers

```php
header("Content-type: image/jpeg");
```

However that hasn't helped. It doesn't seem to be an issue with the folder permissions, as if I specify the path name using the reference in the database, it works fine. It seems to be that including that first "if" section seems to break the output, and I'm at a loss why.

Could anyone possibly shed any light on this for me?

Thank you kindly,

Dan

UPDATE

Okay, somehow it's started working with having `Header("Content-type: image/jpeg");` placed at the top of the PHP file, so if I go to the file directly and put in the GET id, I get the picture returned - which is good (no idea what changed though).

However I still have an issue in displaying this picture elsewhere it seems. I'm calling the picture using "fancybox", a jQuery plugin. When it displays the image, it is still showing the raw data. If I use the path, it displays fine - just for some reason the raw data shows up when using the GET id option. Am still looking into it but thanks for suggestions so far.

Dan
  • 2
    As a first thing, you should remove the `@` s to see any errors. – Pekka Nov 01 '10 at 22:34
  • 1
    Note that your SQL is open to injection attacks -- see [this xkcd comic](http://xkcd.com/327/) – Cameron Nov 01 '10 at 22:35
  • 1
    Also, line 4 has a [SQL injection](http://stackoverflow.com/questions/332365/xkcd-sql-injection-please-explain) vulnerability – Pekka Nov 01 '10 at 22:35
  • @Cameron great minds think alike, at the same time, and with almost the same link :) – Pekka Nov 01 '10 at 22:36
  • Do a `print_r($row);` after `$row = mysql_fetch_array($result);` to make sure you've actually successfully managed to fetch any data. – ceejayoz Nov 01 '10 at 22:36
  • @Pekka: Yeah, I laughed when I saw the same comic in the question you linked to :-) – Cameron Nov 01 '10 at 22:38
  • Yeah it's not going live any time soon, I just need to get the features working atm. I have checked that data is being returned by the mysql query, which it is, however I assumed it was anyway because otherwise it wouldn't show up the image raw data on the screen. I'll try removing the @'s and see if there are any errors – Dan Nov 01 '10 at 23:09
  • 1
    @Dan You shouldn't even do development code open to SQL injection. All you have to do is forget it *once* when you go to production to be hosed. – alex Nov 01 '10 at 23:25
  • @alex Fair point, as everyone has made, and I will resolve that. – Dan Nov 01 '10 at 23:28
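
The comments above flag the query on line 4 as injectable. The following is an added example (not the asker's code and not from either answer) that resolves the image path with a bound PDO parameter and also confines the resulting file to the upload directory, which goes beyond the SQL point raised in the comments. `resolveImageSource()`, the demo directory and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
// Added example, not the asker's code. img_ref and its columns come from the
// question; resolveImageSource() and the demo data below are hypothetical.
function resolveImageSource(PDO $db, array $get, string $uploadRoot): ?string
{
    $root = realpath($uploadRoot);
    if ($root === false) {
        return null;
    }
    if (isset($get['imgid'])) {
        // Accept only a string of digits, then bind it as a parameter so the
        // value is never spliced into the SQL text.
        if (!is_string($get['imgid']) || !ctype_digit($get['imgid'])) {
            return null;
        }
        $stmt = $db->prepare('SELECT submitter_id, filename FROM img_ref WHERE id = :id');
        $stmt->execute([':id' => (int) $get['imgid']]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row === false) {
            return null; // no such image: stop instead of building a path from nothing
        }
        $candidate = $root . '/' . (int) $row['submitter_id'] . '-uploads/' . basename($row['filename']);
    } else {
        $candidate = $root . '/' . (is_string($get['path'] ?? null) ? $get['path'] : '');
    }
    // realpath() resolves ../ and symlinks; the result must stay under $root.
    $real = realpath($candidate);
    if ($real === false || strncmp($real, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
    return in_array($ext, ['gif', 'jpg', 'png'], true) ? $real : null;
}

// Constructed demo: in-memory SQLite stands in for the MySQL connection.
$root = sys_get_temp_dir() . '/ajax_uploads_demo';
is_dir("$root/7-uploads") || mkdir("$root/7-uploads", 0700, true);
file_put_contents("$root/7-uploads/cat.jpg", 'constructed placeholder');
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE img_ref (id INTEGER PRIMARY KEY, submitter_id INTEGER, filename TEXT)');
$db->exec("INSERT INTO img_ref VALUES (1, 7, 'cat.jpg')");

var_dump(resolveImageSource($db, ['imgid' => '1'], $root));             // numeric id
var_dump(resolveImageSource($db, ['imgid' => "1' OR '1'='1"], $root));  // non-numeric id
var_dump(resolveImageSource($db, ['path' => '../outside.jpg'], $root)); // path outside the root
```

A `null` return is the caller's cue to send a 404 and exit before any image function runs.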

2 Answers

3

It seems using the header

```php
header("Content-type: image/jpeg");
```

seemed to work to get it to display as an image - however it did not work with fancybox for some reason. I looked at the API and have since forced fancybox to realise it is an image:

```javascript
$.fancybox({
    'href':'processes/process_watermark.php?imgid=' + id,
    'type':'image'
});
```

That makes it display correctly.

Thanks for everyone's help - and all the comments reminding me about SQL attacks.

Dan
  • The `type: 'image'` setting was super helpful. Thanks. I always use class binders like `fancy-div`, `fancy-image`, etc., so that I can specify my fancybox settings per type, but this is something I'll now always keep in the `fancy-image` directive. – Charlie Schliesser Feb 21 '12 at 23:54
0
  1. You aren't checking whether `mysql_fetch_array` failed; maybe the query doesn't return anything?
  2. Maybe the path you are giving to `pathinfo` is not correct.
  3. While debugging, you should have `error_reporting(E_ALL)` at the top of the script.
  4. Change `$imagesource = "../ajax_uploads/$row[submitter_id]-uploads/$row[filename]";` to `$imagesource = "../ajax_uploads/" . $row['submitter_id'] . "-uploads/" . $row['filename'];`
Svisstack