Attempting to display an image in PHP from a MySQL database

Question

I attempted to display the image using PHP with the following code

<?php
header('Content-type: image/png');
 $port = "*";
 $server = "*:".$port;
 $dbname ="*";
 $user = "*";

 $conn = mysql_connect ("$server", "$user", "$pass") or die ("Connection
 Error or Bad Port");

mysql_select_db($dbname) or die("Missing Database");


    $speakerPic = $_POST['speakerPic'];
    $query = "SELECT Speaker.speaker_picture AS image FROM  Speaker JOIN Contact c USING(contact_id) 
    WHERE c.lname = '";
    $query .= $speakerPic."';";


$result = mysql_query($query,$dbname); 
$result_data = mysql_fetch_array($result, MYSQL_ASSOC);

echo $result_data['image'];   
?>

I keep on receiving this error, The image “.../query2.php” cannot be displayed because it contains errors.

Sorry to keep on bugging you guys, but can anyone tell what the problem is?

Beware of any output whatsoever from inluded scripts. Make sure to eliminate anything outside of your tags. In fact, you should delete your closing ?> tag entirely to ensure there's no whitespace following it. Make sure your script isn't echoing some sort of error message. — Frank Farmer, Dec 09 '11 at 00:27
Look at the HTTP request for the image with your browser's developer tools. Specifically pay attention to the `Content-Length` header. See if this is different than the size of the image (which I presume you already know) for a couple of different images. If it's different, how much of a difference? Is the difference the same for different images or does it stay constant? — Jon, Dec 09 '11 at 00:41
Also, your code is vulnerable to [SQL injection](http://stackoverflow.com/questions/60174/best-way-to-stop-sql-injection-in-php). — Jon, Dec 09 '11 at 00:42

Mike Purcell · Answer 1 · 2011-12-09T01:05:36.963

Not going to lie, there is a lot of bad with the OP code.

You should be pulling images from the database by id, not some string
You are not sanitizing the var being used in the query
You are not serving a default image if one doesn't exist
Also, I would suggest storing file uris in your database, not the actual image (blob). You should store a pointer to an image on your filesystem.

Not going to clean up the code too much, just make it less bad. I'd suggest something along these lines (untested):

// Utility.php
class Utility
{
    /**
     *
     * @param mixed $id is abstract, could be name or an actual id
     * @return string?
     */
    public static function getImage($id)
    {
        try {
            $port = "*";
            $server = "*:".$port;
            $dbname ="*";
            $user = "*";

            $conn = mysql_connect ("$server", "$user", "$pass");

            if (!$conn) {
               throw new Exception("Connection Error or Bad Port");
            }

            if (!mysql_select_db($dbname)) {
                throw new Exception("Missing Database");
            }

            $query = "SELECT Speaker.speaker_picture AS image FROM  Speaker JOIN Contact c USING(contact_id) WHERE c.lname = " . mysql_real_escape_string($id). ";";

            $result = mysql_query($query,$dbname); 
            $result_data = mysql_fetch_array($result, MYSQL_ASSOC);

            if (!isset($result_data['image'])) {
                throw new Exception('Image not found');
            }

            echo $result_data['image'];

         } catch Exception($e) {

             error_log($e->getMessage();

             return file_get_contents('/path/to/some/default/image.png');
         }   
    }
}

// image.php
require_once 'Utility.php';

header('Content-type: image/png');
ob_start();
Utility::getImage($_POST['speakerPic']);
$image = ob_get_flush();

echo $image;

Thanks. I'm definitely a beginner, I'll be trying to wrap around my head around your code. I really do appreciate you taking the time, this community is awesome. — user1087799, Dec 09 '11 at 02:31
@user1087799: No worries... didn't mean to come across as overly harsh. — Mike Purcell, Dec 09 '11 at 04:02

Attempting to display an image in PHP from a MySQL database

1 Answers1