I had posted a similar post a few days back, about an display script which is supposed to retrieve a stored image from my database and displays it on an html page, but fails to do so. Someone suggested that I upload my image onto a folder on the server and then save the image path name in my database. I found this script(below) which does just that. It uploads the image into a folder on the server called images and stores the image path into a table in my database called images and I know this script works because i saw the file saved in the images folder and the path name inserted into the images table.
<?php
//This file inserts the main image into the images table.
//address error handling
ini_set ('display_errors', 1);
error_reporting (E_ALL & ~E_NOTICE);
//authenticate user
//Start session
session_start();
//Connect to database
require ('config.php');
//Check whether the session variable id is present or not. If not, deny access.
if(!isset($_SESSION['id']) || (trim($_SESSION['id']) == '')) {
header("location: access_denied.php");
exit();
}
else{
// Check to see if the type of file uploaded is a valid image type
function is_valid_type($file)
{
// This is an array that holds all the valid image MIME types
$valid_types = array("image/jpg", "image/jpeg", "image/bmp", "image/gif");
if (in_array($file['type'], $valid_types))
return 1;
return 0;
}
// Just a short function that prints out the contents of an array in a manner that's easy to read
// I used this function during debugging but it serves no purpose at run time for this example
function showContents($array)
{
echo "<pre>";
print_r($array);
echo "</pre>";
}
// Set some constants
// This variable is the path to the image folder where all the images are going to be stored
// Note that there is a trailing forward slash
$TARGET_PATH = "images/";
// Get our POSTed variable
$image = $_FILES['image'];
// Sanitize our input
$image['name'] = mysql_real_escape_string($image['name']);
// Build our target path full string. This is where the file will be moved to
// i.e. images/picture.jpg
$TARGET_PATH .= $image['name'];
// Make sure all the fields from the form have inputs
if ( $image['name'] == "" )
{
$_SESSION['error'] = "All fields are required";
header("Location: member.php");
exit;
}
// Check to make sure that our file is actually an image
// You check the file type instead of the extension because the extension can easily be faked
if (!is_valid_type($image))
{
$_SESSION['error'] = "You must upload a jpeg, gif, or bmp";
header("Location: member.php");
exit;
}
// Here we check to see if a file with that name already exists
// You could get past filename problems by appending a timestamp to the filename and then continuing
if (file_exists($TARGET_PATH))
{
$_SESSION['error'] = "A file with that name already exists";
header("Location: member.php");
exit;
}
// Lets attempt to move the file from its temporary directory to its new home
if (move_uploaded_file($image['tmp_name'], $TARGET_PATH))
{
// NOTE: This is where a lot of people make mistakes.
// We are *not* putting the image into the database; we are putting a reference to the file's location on the server
$sql = "insert into images (member_id, image_cartegory, image_date, image) values ('{$_SESSION['id']}', 'main', NOW(), '" . $image['name'] . "')";
$result = mysql_query($sql) or die ("Could not insert data into DB: " . mysql_error());
header("Location: images.php");
echo "File uploaded";
exit;
}
else
{
// A common cause of file moving failures is because of bad permissions on the directory attempting to be written to
// Make sure you chmod the directory to be writeable
$_SESSION['error'] = "Could not upload file. Check read/write persmissions on the directory";
header("Location: member.php");
exit;
}
} //End of if session variable id is not present.
?>
Now the display image script accompanying this insert image script is shown below.
<?php
// Get our database connector
require("config.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Dream in code tutorial - List of Images</title>
</head>
<body>
<div>
<?php
// Grab the data from our people table
$sql = "SELECT * from images WHERE image_cartegory = 'main'";
$result = mysql_query($sql) or die ("Could not access DB: " . mysql_error());
while ($row = mysql_fetch_assoc($result))
{
echo "<div class=\"picture\">";
echo "<p>";
// Note that we are building our src string using the filename from the database
echo "<img src=\"images/ " . $row['filename'] . " \" alt=\"\" />";
echo "</p>";
echo "</div>";
}
?>
</div>
</body>
</html>
Well, needless mentioning, the picture isn’t displayed. Just a tiny jpeg icon is displayed at the top left hand corner of the page. Figuring out that the problem might be the lack of a header that declares the image type, I add this line
header(“Content-type: image/jpeg”);
but all it does is display a blank white page, without the tiny icon this time. What am I missing? Any clues??