-2

I'm trying to display the profile photo which has been uploaded at the start to the database, but its not showing it in the website. This is how it looks: enter image description here

Here's the code to get the information from database:

<?php
    session_start(); // start the session
    include('config.php');  
    if(!isset($_SESSION['email'])){ // check if user is not logged in
        header('Location: login.php'); // redirect to login page
        exit(); // prevent further execution of the script
    }

    $email = $_SESSION['email']; // get the email from session
    $sql = "select * from profile where email_id = '$email'"; // select user's information from the database
    $result = mysqli_query($con, $sql);
    $row = mysqli_fetch_array($result);
    
?>

Here's the code to display the image and rest of the information:

<?php
if($row['images']) {
   echo '<img src="uploaded_img/'.$row['images'].'" class="image" alt="" style="border-radius: 20px;">';
} else {
   echo '<img src="images/default-avatar.png" class="image" alt="" style="border-radius: 20px;">';
}
?>
         <h3><?php echo $row['name']; ?></h3>
         <p>Email: <?php echo $row['email_id']; ?></p>
    <p>Country: <?php echo $row['country']; ?></p>
    <p>Religion: <?php echo $row['religion']; ?></p>
    <p>Caste: <?php echo $row['Caste']; ?></p>
    <p>Zodiac: <?php echo $row['zodiac']; ?></p>
    <p>Religion: <?php echo $row['religion']; ?></p>
    <p>Mobile Number: <?php echo $row['mobile_number']; ?></p>
    <p>Landline: <?php echo $row['Landline']; ?></p>

Image column type is blob in the database and the path of the image is correct, it shows the image name correctly

What can be the issue, can you please tell where went wrong and why, Thank you in advance

Sarathchandra M
  • 25
  • 7
  • It's getting an error trying to load the image. Are you sure the directory is correct? – Barmar Mar 20 '23 at 23:03
  • Make sure you have image in db, also check image col type. – Meghshyam Sonar Mar 20 '23 at 23:06
  • yes, the directory is correct, its even showing the img name in the inspect bar – Sarathchandra M Mar 20 '23 at 23:19
  • image col type is blob – Sarathchandra M Mar 20 '23 at 23:27
  • Did you perhaps store the image file itself, not the file name, in the database? – KIKO Software Mar 20 '23 at 23:32
  • '

    Kindly upload image in JPG or PNG fromat

    ' I uploaded the file like this. Is this wrong? @KIKOSoftware     – Sarathchandra M Mar 20 '23 at 23:43
  • Where/how do you insert/store that file? – user3783243 Mar 20 '23 at 23:48
  • That's a file input, that does indeed mean you uploaded the image to the server, but it doesn't tell me what you did with it once it arrived on the server. Did you save the file to `uploaded_img/` directory and did you save the file name in the database? – KIKO Software Mar 20 '23 at 23:48
  • $Insert = "INSERT INTO profile(Name,age,gender,religion,mother_tongue,caste,country,mobile_number,Landline,images,zodiac,email_id,Username,Password,ConfirmPassword) values(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)"; $stmt = $conn->prepare($Insert); $stmt>bind_param("sisssisssssssss",$Namee,$age,$gender,$religion,$mother_tongue,$caste,$country,$mobile_number,$Landline,$images,$zodiac,$email_id,$Username,$Passwordd,$ConfirmPassword); $stmt->execute(); This is how i inserted it – Sarathchandra M Mar 20 '23 at 23:56
  • 2
    `$images` is what? Please add code details to the question, not as comments. Also no reason to store a confirm password in db. – user3783243 Mar 20 '23 at 23:58
  • $images = $_POST['image']; will this help? – Sarathchandra M Mar 21 '23 at 00:10
  • 2
    You shouldn't use `$_POST` for files. Please see: [Handling file uploads](https://www.php.net/manual/en/features.file-upload.php). – KIKO Software Mar 21 '23 at 00:12
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman Mar 21 '23 at 10:03
  • @SarathchandraM, please edit your question to add additional information that is requested in the comments. Also dump the value of `$row[images]` and confirmed that there is an image at that path. – Rohit Gupta Mar 21 '23 at 14:10

1 Answers1

0

this is the wrong or the invalid approach as per my knowledge,

saving the image in database is not suggested, because the db size gets hug if the user count is 1000 and each usr upload just low quality image of 200kb each, this is the best view as per my view, because every user uploads his personalised and may increase if user count increases.

i suggest to save the images to server on a specific folder or on other file storages like S3 bucket and save the path of the image uploaded.

ShivaPendem
  • 51
  • 2