
Alright. I've been looking around for a solution for some time now but I cannot seem to figure out why images aren't rotating on my Debian server using PHP.

```php
$content_id = escapeQuery($_GET['id']); // escapeQuery is a function I created that removes all the nasty SQL injection methods
$sql = mysqli_query($mysqli, "SELECT * FROM images WHERE id = '$content_id'");
$data_array[] = $sql->fetch_assoc();
$image_url = $data_array[0]['file_name'];

$file_extension = explode('.', $image_url);

if (isset($_GET['rotate']) && !empty($_GET['rotate'])) {
  $rotate_images = array('original', 'thumbnail', 'resized');

  foreach ($rotate_images as $value) {

    $filename = '/var/www/sitename.com/images/'.$value.'/' . $image_url;
    $degrees = 90;

    if ($file_extension[1] === 'jpg' or $file_extension[1] === 'jpeg') {
      $source = imagecreatefromjpeg($filename);
      $rotate = imagerotate($source, $degrees, 0);
      imagejpeg($rotate);
    } elseif ($file_extension[1] === 'png') {
      $source = imagecreatefrompng($filename);
      $rotate = imagerotate($source, $degrees, 0);
      imagepng($rotate);
    } elseif ($file_extension[1] === 'webp') {
      $source = imagecreatefromwebp($filename);
      $rotate = imagerotate($source, $degrees, 0);
      imagewebp($rotate);
    } elseif ($file_extension[1] === 'gif') {
      $source = imagecreatefromgif($filename);
      $rotate = imagerotate($source, $degrees, 0);
      imagegif($rotate);
    } elseif ($file_extension[1] === 'bmp') {
      $source = imagecreatefrombmp($filename);
      $rotate = imagerotate($source, $degrees, 0);
      imagebmp($rotate);
    } else {
    // some action here 
    }
  }
  imagedestroy($rotate);
  // some action here 
  exit;
}
```

What I have tried to fix it:

  • I installed the GD Graphics Library
  • I made sure all the images aren't protected from changes
  • Tried most examples and I've read a lot of documentation on all the functions
Niels
  • Your script is vulnerable to [SQL Injection Attack](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Even if [you are escaping variables, it's not safe](https://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)! You should always use [prepared statements and parameterized queries](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either `MYSQLI` or `PDO` instead of concatenating user-provided values into the query. – Andrea Olivato Apr 09 '22 at 14:52
  • @AndreaOlivato I clearly state in the code that the function `escapeQuery` removes all the SQL injection methods. – Niels Apr 09 '22 at 15:01

1 Answer


I ended up fixing the issue myself.

It wasn't super clearly documented, but to save the image to the server you have to define the exact location of the image in the imagejpeg function, like so: `imagejpeg($rotate, $destination);`

Hope this helps anyone in the future :)

Niels
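The parameterized query recommended in the comment and the destination argument from the answer, combined in one sketch. This is an added example, not the poster's code: `lookupFileName`, `rotateInPlace`, `rotateAllSizes` and `IMAGE_ROOT` are hypothetical names, and the `images` table with `id` and `file_name` columns is assumed from the question.

```php
<?php
// Added example: function and constant names here are hypothetical.
const IMAGE_ROOT = '/var/www/sitename.com/images'; // path taken from the question

// Fetch the stored file name with a bound parameter instead of string concatenation.
function lookupFileName(mysqli $mysqli, string $id): ?string
{
    $stmt = $mysqli->prepare('SELECT file_name FROM images WHERE id = ?');
    $stmt->bind_param('s', $id);
    $stmt->execute();
    $stmt->bind_result($fileName);
    return $stmt->fetch() ? $fileName : null;
}

// Rotate one file and write the result back to disk; returns false on any failure.
function rotateInPlace(string $path, int $degrees = 90): bool
{
    $codecs = [
        'jpg'  => ['imagecreatefromjpeg', 'imagejpeg'],
        'jpeg' => ['imagecreatefromjpeg', 'imagejpeg'],
        'png'  => ['imagecreatefrompng', 'imagepng'],
        'webp' => ['imagecreatefromwebp', 'imagewebp'],
        'gif'  => ['imagecreatefromgif', 'imagegif'],
        'bmp'  => ['imagecreatefrombmp', 'imagebmp'],
    ];
    // pathinfo() takes the last extension, so "a.b.jpg" is handled correctly.
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    if (!isset($codecs[$ext]) || !is_file($path)) { return false; }
    [$load, $save] = $codecs[$ext];
    $source = $load($path);
    if ($source === false) { return false; }
    $rotated = imagerotate($source, $degrees, 0);
    // Passing the path as the second argument writes to disk instead of the output stream.
    return $rotated !== false && $save($rotated, $path);
}

// Rotate the three stored sizes of one image; true only if every file was rewritten.
function rotateAllSizes(mysqli $mysqli, string $id): bool
{
    $name = lookupFileName($mysqli, $id);
    if ($name === null) { return false; }
    $ok = true;
    foreach (['original', 'thumbnail', 'resized'] as $dir) {
        // basename() keeps a stored name from stepping outside the image directory.
        $ok = rotateInPlace(IMAGE_ROOT . "/$dir/" . basename($name)) && $ok;
    }
    return $ok;
}
```

The bound parameter makes a custom escaping function unnecessary for this query, and checking each GD return value surfaces the failures that the original loop would pass over silently.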