BLOB Image returning broken image

Question

I've found a lot of solutions on SO that worked for others, but not for me! Guidance in the correct direction would be appreciated.

Note: I know a lot of people may not be a fan of storing images in blobs, but for my particular application it is suffice.

Snippet of HTML Code on Upload page (this is within a form that has other data):

<div class="row">
            <div class="col-md-6">
                <div class="form-group">
                    <label>Summary Image</label>
                        <br /><input name="summaryImage" id="imgInp1" type="file" accept="image/*"  onchange="Prev1(this)" />
                        <br /><img id="imgPrev1" src="" alt="Summary Image Preview" style="width:99%; height: 400px; margin-top:10px;" />
                </div>
            </div>
            <div class="col-md-6">
                <div class="form-group">
                    <label>Article Image</label>
                        <br /><input name="articleImage" id="imgInp2" type="file" accept="image/*"  onchange="Prev2(this)" />
                        <br /><img id="imgPrev2" src="" alt="Article Image Preview" style="width:99%; height: 400px; margin-top:10px;" />
                </div>
            </div>
        </div>

Snippet of PHP code on Upload page

//Summary Image
$summaryimage = $_FILES['summaryImage'];
if(is_uploaded_file($_FILES['summaryImage']['tmp_name']) && getimagesize($_FILES['summaryImage']['tmp_name']) != false)
{
    // Gather image info
    $size = getimagesize($_FILES['summaryImage']['tmp_name']);
    // Assign variables
    $type = $size['mime'];
    $imgfp = fopen($_FILES['summaryImage']['tmp_name'], 'rb');
    $size = $size[3];
    $name = $_FILES['summaryImage']['name'];
    $summaryimagesize = $_FILES['summaryImage']['size'];
    $maxsize = 15728640;


    // Check image file size
    if($summaryimagesize < $maxsize ) {
        //Image size checks out, insert blob into database
        mysql_query("UPDATE projects 
                        SET summaryimage='$summaryimage', summaryimagesize='$summaryimagesize' 
                    WHERE job='$job'") or die (mysql_error());;

        } else if($summaryimagesize > $maxsize) {
        // Image file size too big
        header("LOCATION: /projects.php?message=imagesize");
        }
    } else {
    // Any other error
    header("LOCATION: /projects.php?message=imageformat");
    }

    //Article Image
    $articleimage = $_FILES['articleImage'];
    if(is_uploaded_file($_FILES['articleImage']['tmp_name']) && 
        getimagesize($_FILES['articleImage']['tmp_name']) != false)
    {
        // Gather image info
        $size = getimagesize($_FILES['articleImage']['tmp_name']);
        // Assign variables
        $type = $size['mime'];
        $imgfp = fopen($_FILES['articleImage']['tmp_name'], 'rb');
        $size = $size[3];
        $name = $_FILES['articleImage']['name'];
        $articleimagesize = $_FILES['articleImage']['size'];
        $maxsize = 15728640;

        // Check image file size
        if($articleimagesize < $maxsize ) {
            //Image size checks out, insert blob into database
             mysql_query("UPDATE projects SET articleimage='$articleimage', articleimagesize='$articleimagesize' WHERE job='$job'") or die (mysql_error());;

            } else if($articleimagesize > $maxsize) {
            // Image file size too big
            header("LOCATION: /projects.php?message=imagesize");
            }
        } else {
        // Any other error
        header("LOCATION: /projects.php?message=imageformat");
        }

    header("LOCATION: /projects.php?message=success");

}

The database stores the blob as a longblob type, no problems:

Code I'm using to encode the image and display it:

<?php echo '<img src="data:image/jpeg;base64,' . base64_encode( $post['summaryimage'] ) . '" />'; ?>

What the page shows:

When I right click > copy image location:

data:image/jpeg;base64,QXJyYXk=

@RiggsFolly 5 bytes as shown in PHPMyAdmin picture. The image I uploaded in there is a little more than 2MB. I don't know how compressed a blob is so I'm not sure if thats an issue. — Ajility, Jan 25 '17 at 17:58
Every time you use [the `mysql_`](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) database extension in new code **[a Kitten is strangled somewhere in the world](http://2.bp.blogspot.com/-zCT6jizimfI/UjJ5UTb_BeI/AAAAAAAACgg/AS6XCd6aNdg/s1600/luna_getting_strangled.jpg)** it is deprecated and has been for years and is gone for ever in PHP7. If you are just learning PHP, spend your energies learning the `PDO` or `mysqli` database extensions and prepared statements. [Start here](http://php.net/manual/en/book.pdo.php) — RiggsFolly, Jan 25 '17 at 17:59
No how big is the BLOB on your database, there are 3 possible sizes. Is it big enough to hold ALL your image — RiggsFolly, Jan 25 '17 at 18:00
I dont see where you `base64encode()` the uploaded images either — RiggsFolly, Jan 25 '17 at 18:02
@RiggsFolly I was waiting for it! Haha, I'm on a short deadline to get this working so I'm working with what I'm familiar with. I plan to learn it and convert my code. Definitely not efficient, I know, but I've got tech-illiterate people to please — Ajility, Jan 25 '17 at 18:02
@RiggsFolly longblob, see the end of my post for `base64_encode` — Ajility, Jan 25 '17 at 18:03
`QXJyYXk=` is not long enough to hold a whole image of any kind. — RiggsFolly, Jan 25 '17 at 18:05
@RiggsFolly I thought so. Does this mean that there is an issue saving the image in its respective table as a blob in my PHP code? The longblob is also only 5 bytes in size, but the image is about 2MB raw. Everything looks right to me but that — Ajility, Jan 25 '17 at 18:12

Xorifelse · Answer 1 · 2017-01-25T18:35:08.867

3

QXJyYXk= is base64 for array so you're storing array data instead of an image.

The fix is to grab the contents of the image and store that instead:

 $summaryimage = file_get_contents($_FILES['summaryImage']['tmp_name']);

Since you're not using prepared statements, you should escape quotes:

 $summaryimage = addslashes(file_get_contents($_FILES['summaryImage']['tmp_name']));

When displaying you should remove them again before encoding them:

base64_encode(stripslashes($post['summaryimage']))

edited Jan 25 '17 at 18:35

answered Jan 25 '17 at 18:15

Xorifelse

7,878
1
27
38

Thank you, I was just looking at this variable and had a hunch there was an issue with it.. however I now have an error with my MySQL syntax after changing that line of code: **_You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 1_** `mysql_query("UPDATE projects SET summaryimage='$summaryimage', summaryimagesize='$summaryimagesize' WHERE job='$job'") or die (mysql_error());;` – Ajility Jan 25 '17 at 18:23
You wouldn't have that issue if you where using prepared statements, perhaps try `addslashes()` before saving and `stripslashes()` before displaying. Read RiggsFolly's comment, will safe time in the long run anyways. – Xorifelse Jan 25 '17 at 18:29

score 1 · Answer 2 · answered Jan 25 '17 at 19:46

1

Using @Xorifelse's answer, I was able to lead myself to a working solution after playing around for about an hour.

Because this was an SQL query, I can't have any ' in the binary because it will break it (who knew it would have special characters?!). So I used $summaryimage = mysql_real_escape_string(file_get_contents($_FILES['summaryImage']['tmp_name']));

All is working now when displaying the image :)

answered Jan 25 '17 at 19:46

Ajility

526
3
19

I'm sorry, 3 remarks about using **prepared statements** and you're still stubborn enough to use the `mysql` API. `mysql_real_escape_string()` is broken, its **unsafe** to use. Infact most of your queries are liable to injection. This means I could run **ANY** query on **your** database. Read [this](http://stackoverflow.com/questions/41858362/blob-image-returning-broken-image/41858730#comment70900721_41858362) again! – Xorifelse Jan 26 '17 at 21:24
Not stubborn, just don't have the time to re-learn at this point in time! It will be done in due time (a month from now) and I hope you'll look out for the many questions I'll have when converting haha. I know, I know, converting will probably be harder (and definitely less efficient) but the boss man says these deadlines need to be made and I get paid by the hour to follow orders – Ajility Jan 27 '17 at 15:32

BLOB Image returning broken image

2 Answers2