Re: downloading an image

On Wed, April 11, 2007 8:10 am, Ross wrote:
> the image does not display although it exists in the table 'images'
>
>
> This calls the download script
>
>
> <?
>  $property_id = $_SESSION['property_id'] ;
>  $query = "SELECT * FROM images WHERE property_id='$property_id'";
> $result = mysql_query($query);
> while($row = mysql_fetch_array($result, MYSQL_ASSOC))
> {
>
> echo $id= $row['id'];
> echo $title= $row['title'];
> $link = "download.php?id=$id";
> }
> ?>
> <img src="<?php echo $link; ?>"/>

Instead of just looking at a broken image in an image tag, surf
DIRECTLY to the $link URL of the image, and see what comes out.

Invariably, your PHP / SQL bug will be printed direct to your browser,
or wherever your errors go, if you've actually set things up
correctly.

> this is the download script
>
> $id = $_GET['id'];
> $query = "SELECT name, type, size, content FROM images WHERE id
> ='$id'";

Do we need to scream SQL injection again?
http://phpsec.org/

>  $result = mysql_query($query) or die(mysql_error());
> list($name, $type, $size, $content) = mysql_fetch_array($result);
>
> header("Content-length: $size");
> header("Content-type: $type");
>
> echo $content;
>
> exit;

There are *so* many things that can go wrong with storing the image in
the database...  We've beat that horse to death here, both ways.

All I can say is that this script is *SO* simple, I suspect that
*content* is not what you think it is, for whichever of the dozen
reasons that crop up when you start cramming large-size binary data
into the DB.

What DB data type is the content field?
How much can it hold?
What did you actually cram in there?
Did you remember to mysql_real_escape_string() it?
.
.
.


-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
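
The two points raised in the reply (the injectable `id` in download.php, and stored content that may not match what was uploaded) can be handled together. The following is an added example, not code from the thread: it keeps the thread's table and column names, but the PDO/SQLite in-memory database, the sample rows, the `fetch_image()` helper and the type allow-list are assumptions made so it runs stand-alone.

```php
<?php
// Added example: hardened download.php. The images table follows the thread;
// the SQLite database and both sample rows are constructed for the demo.
const ALLOWED_TYPES = ['image/jpeg', 'image/png', 'image/gif'];

function fetch_image(PDO $db, $rawId): ?array
{
    // Accept only a positive integer id; anything else never reaches SQL.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Bound parameter: the value travels separately from the query text.
    $stmt = $db->prepare('SELECT name, type, size, content FROM images WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Never echo an arbitrary stored string into the Content-Type header.
    if ($row === false || !in_array($row['type'], ALLOWED_TYPES, true)) {
        return null;
    }
    // Recorded size vs. bytes actually stored: a mismatch means the blob
    // was truncated or altered on insert.
    $row['intact'] = strlen($row['content']) === (int) $row['size'];
    return $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE images (id INTEGER PRIMARY KEY, name TEXT, type TEXT, size INTEGER, content BLOB)');
$ins = $db->prepare('INSERT INTO images (name, type, size, content) VALUES (?, ?, ?, ?)');
$ins->execute(['ok.gif', 'image/gif', 10, 'GIF89a....']);   // constructed: 10 bytes, size agrees
$ins->execute(['cut.gif', 'image/gif', 70000, 'GIF89a']);   // constructed: size claims more than is stored

$row = fetch_image($db, $_GET['id'] ?? '1');
if ($row === null) {
    http_response_code(404);
    exit;
}
if (!$row['intact']) {
    error_log("image {$row['name']}: recorded {$row['size']} bytes, stored " . strlen($row['content']));
    http_response_code(500);
    exit;
}
header('Content-Type: ' . $row['type']);
header('Content-Length: ' . strlen($row['content']));  // measured, not the stored size column
header('X-Content-Type-Options: nosniff');
echo $row['content'];
```

Requesting `id=2` takes the size-mismatch branch and logs both numbers, which is the quickest way to answer "what did you actually cram in there?"; a value such as `1' OR '1'='1` fails integer validation and returns 404 without touching the database.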

