Displaying Image from database?

Question

I have a form that submits, Both text and of course, my image file to my database along with moving to image to a permanent directory.

The issue I am having is when I pull and display the content from the database everything shows apart from the image file.

Images for better context Database entry, End result

HTML Form

<?php
    include("inc/dbconfig.php");
    error_reporting(0);


    if (isset($_POST['btn-signup'])){
        //Text Data Input
        $cardName = $_POST['cardName'];
        $cardSet = $_POST['cardSet'];
        $cardRarity = $_POST['cardRarity'];

        $cardImg = $_FILES['cardImage']["name"];
        move_uploaded_file($_FILES["cardImage"]["tmp_name"],"../".$_FILES["cardImage"]["name"]);

        $cardImgPath = "media/images/userUpload/".$_FILES["cardImage"]["name"];

        $mysqlQ =("INSERT INTO cards (cardName, cardSet, cardRarity, cardImage) VALUES ('$cardName', '$cardSet', '$cardRarity', '$cardImgPath')");
        mysqli_query($conn,$mysqlQ);

        header('Location: directory.php');
    }
    exit();
?>

Displaying the data

<?php function itemCard (array $row) { ?>
    <div class="card" style="width: 18rem;">
        <img class="card-img-top" src="<?php echo '../'. $row['cardImage']?>" alt="Card fsa cap">
        <div class="card-body">
            <h5 class="card-title"><?= $row["cardName"]?></h5>
            <p class="card-text">Card Set: <b><?= $row["cardSet"]?></b></p>
            <p class="card-text">Card Rarity: <b><?= $row["cardRarity"]?></p>
        </div>
    </div>
<?php } ?>

Have you taken a look at the generated HTML to verify the generated `src` is correct? — El_Vanja, Dec 24 '20 at 10:58
What purpose does `$cardImgPath` serve since you dont seem to be using it when you do your `move_uploaded_file()`? — GetSet, Dec 24 '20 at 10:58
Also, please see [this question](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) to learn how to write safe queries, as the way you're doing it now is open to SQL injection. — El_Vanja, Dec 24 '20 at 11:00
@El_Vanja Thanks for the feedback after looking at the HTML I looked like path issue that I overlooked. — Adam, Dec 24 '20 at 11:05
**Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) — Dharman, Dec 24 '20 at 16:09

score 0 · Answer 1 · answered Dec 24 '20 at 12:53

0

can you confirm me your uploaded image stored in folder else follow the steps

use $_SERVER['DOCUMENT_ROOT'] path instead of '../'.
that image moved folder have write permission (777)?

answered Dec 24 '20 at 12:53

Nathan

1
2

Displaying Image from database?

1 Answers1