0

Basically, the whole thought here is changing profile pictures and it will be uploaded in the database.

I want to show a default icon first when the database is still empty but my codes just displays a broken image thumbnail. What could have gone wrong?

<form method="post" enctype="multipart/form-data">    
    <div class="row form-group">
        <div class="col col-md-3">
            <label for="text-input" class="form-control-label">Profile Picture</label>
        </div>
        <div class="col-9 col-md-9">
            <div class="input-group">
                <?php  
                    $query = "SELECT image FROM member WHERE member_id = '$ID'";  
                    $result = mysqli_query($con, $query);  
                    if(mysqli_num_rows($result)>0){
                        while($row = mysqli_fetch_array($result))  
                        {  
                            echo '<img src="data:image/jpeg;base64,'.base64_encode($row['image']).'">';  
                        }  
                    } else{
                        echo "<img src='images/icon.jpg' style='height:200px'draggable='false'>";
                    }
                ?> 
                <div class="col-12">
                    <input type="file" name="image" id="image" style ='margin-left:-10px;margin-top:5px'>
                </div>
                <div class="col-12">
                    <input type="submit" name="insert" id="insert" value="Change Profile Picture" class="btn btn-primary" style ='margin-left:-10px;margin-top:5px'> 
                </div>
                <?php   
                    if(isset($_POST["insert"])){  
                        $file = addslashes(file_get_contents($_FILES["image"]["tmp_name"]));  
                        $query = "UPDATE member SET image = '$file' WHERE member_id='$ID'";  
                        if(mysqli_query($con, $query)){ 
                            echo ("<script LANGUAGE='JavaScript'>
                                window.alert('Profile Picture has been successfully changed!');
                                window.location.href='edit.php';
                                </script>");
                        }  
                    }
                ?>  
            </div>
        </div>
    </div>
</form>
Abegail
  • 71
  • 10
  • 3
    Your script is wide open to [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either the `MYSQLI_` or `PDO` API's – RiggsFolly Sep 21 '18 at 08:41
  • Fix the HTML there should be a space between `'height:200px'` and `draggable` – RiggsFolly Sep 21 '18 at 08:43
  • 1
    Are you sure that `icon.jpg` exists? And in this path `src='images/icon.jpg'`? – RiggsFolly Sep 21 '18 at 08:44
  • [See this](https://stackoverflow.com/questions/2267476/html-script-tag-type-or-language-or-omit-both) The `LANGUAGE='JavaScript'` attribute has been deprecated forever – RiggsFolly Sep 21 '18 at 08:45
  • If your query is only ever going to return ONE row, as I assume `SELECT image FROM member WHERE member_id = '$ID'` will do, you dont have to WHILE loop over a single result. – RiggsFolly Sep 21 '18 at 08:49
  • @RiggsFolly what happens when I encounter an SQL Injection Attack? – Abegail Sep 21 '18 at 08:49
  • 1
    You might get your whole database deleted, or you might let a hacker view all your data. – RiggsFolly Sep 21 '18 at 08:50
  • @RiggsFolly that image exists, i can access it too. Please ignore the insert code because it works. – Abegail Sep 21 '18 at 08:51
  • i dont see any INSERT code, all your queries are open to SQL Injection – RiggsFolly Sep 21 '18 at 08:52
  • This `if(isset($_POST["insert"]))` code works @RiggsFolly – Abegail Sep 21 '18 at 08:54
  • Look at the `view page source` on your browser. Which `` line do you see? The one with the base64 or the one with the `icon.jpg` – RiggsFolly Sep 21 '18 at 08:54
  • @RiggsFolly it shows ` ` – Abegail Sep 21 '18 at 08:57
  • Ok, so does the `member` with `member_id = $ID` exist on the table? – RiggsFolly Sep 21 '18 at 09:00
  • @RiggsFolly yes, when I'm using localhost, my code works but when I use it online it just won't – Abegail Sep 21 '18 at 09:02
  • You didn't say that in your question!!!!! Then its likely a pathing issue. Can you show us a url to the live site that shows that image – RiggsFolly Sep 21 '18 at 09:05
  • Well if the `member` with `member_id = $ID` exist on the table, then you are ALWAYS going to get ONE row in the result set. So you will always go through the base64 version of the code – RiggsFolly Sep 21 '18 at 09:07
  • Sorry, I can't show you the link, it's confidential @RiggsFolly – Abegail Sep 21 '18 at 09:13
  • If the `image` doesn't exist, then it should display the default one. But it doesn't. – Abegail Sep 21 '18 at 09:15
  • But you dont test if `$row['image']` actually contains a valid image, you just assume if the member exists there must be an image saved with the member data!!!! – RiggsFolly Sep 21 '18 at 09:17
  • The code looks okay, you probably storing the wrong url, so your website can't find the file, and is displaying a no-image-found icon – Kebab Programmer Sep 21 '18 at 09:23
  • Please don't be mad, I'm just a beginner :( @RiggsFolly – Abegail Sep 21 '18 at 09:25
  • @ProgrammingNewb Hi, I even put the url link as the image source to be sure but it still won't display it. – Abegail Sep 21 '18 at 09:26
  • I imagine you are storing the location of the image like this -> **images/filename.jpg**. Make sure the name of your image folder is the same as the url links. – Kebab Programmer Sep 21 '18 at 09:27
  • Abegail I am not mad, just trying to walk through a fault finding session with you – RiggsFolly Sep 21 '18 at 09:39
  • @RiggsFolly Thank you for help though. I just kinda felt intimidated, that's all. But you were very helpful. I appreciate it so much. – Abegail Sep 22 '18 at 04:37

2 Answers2

1

if your database is empty upload query will not work. if your image row is empty then your code should be like if image row is not empty display image else display the default image.

if(mysqli_num_rows($result)>0){
    while($row = mysqli_fetch_array($result)) { 
        if (isset($row['image']) && !empty($row['image'])) {
            echo '<img src="data:image/jpeg;base64,'.base64_encode($row['image']).'">';
        } else {
            echo "<img src='images/icon.jpg' style='height:200px'draggable='false'>";
        }                       
    } // endwhile
} else{
    echo "no result found";
}
RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
Rutvi Trivedi
  • 93
  • 7
  • 1
    Why? **Good answers** will always have an explanation of what was done and why it was done that way, not only for the OP but for future visitors to SO that may find this question and be reading your answer. – RiggsFolly Sep 21 '18 at 09:15
  • Thank you for suggetion @RiggsFolly. I will keep that in account. – Rutvi Trivedi Sep 21 '18 at 09:19
  • 1
    Also I think you are missing a `}` somewhere in there to terminate the while loop – RiggsFolly Sep 21 '18 at 09:23
  • Thank you! Now it says 'no result found.' – Abegail Sep 21 '18 at 09:24
  • I find this answer contradicting itself – Kebab Programmer Sep 21 '18 at 09:26
  • ok then replace "not result found" with "" @Abegail and make sure you have written right image path – Rutvi Trivedi Sep 21 '18 at 09:26
  • I meant, with mysqli_num_rows, you are always going to return rows from your database, but then you are saying inside that scope, if you haven't found anything, then display the default image, when it should be if you haven't found anything with mysqli_num_rows, then display the default image, then what happens if mysqli_num_rows = 0? then nothing happens – Kebab Programmer Sep 21 '18 at 09:32
  • @Abegail You are welcome. You can mark as approved if it is working. Good Luck – Rutvi Trivedi Sep 21 '18 at 09:33
  • 1
    @ProgrammingNewb it says that if you have database not empty but only image field is empty then display the default image. Be whole database empty and one field empty are two different things. – Rutvi Trivedi Sep 21 '18 at 09:48
  • @RutviTrivedi there were some problems with the terminators yesterday but I see you already edited it. Really helpful though! Thanks again :) – Abegail Sep 22 '18 at 04:18
0

While writing HTML or CSS code inside PHP you should put a \ before all double quotations and you need change all quotations to double quotation.like shown below:

          echo "<img src=\"images/icon.jpg\" style=\"height:200px;\" draggable=\"false\">";

I didn't check your PHP codes, If you've coded them properly the problem is obviously what I mentioned.

sina maleki
  • 25
  • 5