| Re: Displaying a longblob as an image [message #170246 is a reply to message #170239] |
Fri, 22 October 2010 18:07   |
The Natural Philosoph
Messages: 993
Registered: September 2010
Karma:
|
Senior Member |
|
|
Robert Tomsick wrote:
> The Natural Philosopher wrote:
>
>> anu wrote:
>>> I am storing an image as a longblob in MYSQL. I would like to know how
>>> I can display the image in my form in PHP since the image is stored as
>>> ascii in the MySQL table.
>> If its a longblob, it wont be in ASCII...
>>
>> You display in two stages
>>
>> You need an IMG statement that references a php program that can send
>> the image.
>>
>> e.g. I have this..
>>
>> printf("<IMG border=\"0\" src=\"send_picture.php?id=%d\" alt=\"%s\">",
>> $id,(mysql_result($result,$i,'picture_filename')=="")?"
>> No Image":$name);
>>
>> where the picture is stored in a table (product) blob along with its name.
>>
>> The actual record ID is passes to send_picture.php.
>> This is the code in that script.
>>
>> The file lib.php contains general authentication and database code.
>>
>> The mimelib.php is really just to have the function get_mime, which in
>> my case simply reads the mime type from the linux list of mime types.
>>
>>
>> send_picture.php
>> ================
>>
>> <?php
>> include('lib.php');
>> include('mimelib.php');
>> open_database(); // ready to check
>> $id=$_GET['id'];
>> $query="select picture, picture_filename, picture_size from product
>> where id='".$id."'";
>> //echo $query;
>> $result=mysql_query($query);
>> if(($result>0) && (($rows=mysql_numrows($result)) == 1)) //got some data
>> {
>> $name=mysql_result($result,0,'picture_filename');
>> $content=mysql_result($result,0,'picture');
>> $size=mysql_result($result,0,'picture_size');
>> }
>> else die();
>> if ($name="") die();
>> $mtype=get_mime($name);
>> header("Content-Type: ".$mtype);
>> header("Content-Disposition: inline; filename=\"".$name."\"");
>> header("Content-Transfer-Encoding: binary");
>> header("Content-Length: ".strlen($content));
>>
>> print $content; ?>
>>
>>
>> ** NOTE. Leave nothing at all after the closing ?> or it gets added to
>> the download. **
>>
>>
>> mimelib.php
>> ===========
>> ?php
>> // looks up mime type in /etc/mime.types and returns the type, or a
>> default if unmatched
>> // makes no attempt to interrogate the file content as such.
>> // THIS NEEDS MORE WORK!!! it doesn't get all types..espcially DWG/DXF!!
>> // Mind you we don't want to inmvoke plug-ins for these..
>> function get_mime($filename)
>> {
>> $default="application/force-download";
>> // first extract the extension
>> $array=explode(".",$filename); // split the name into the bits separated
>> by periods
>> $count=count($array);
>> if ($count<2) // if there IS NO extension..
>> return $default; // and let the user sort it out.
>> $ext=$array[$count-1]; // it will be the last element in the array..
>> $fp=fopen("/etc/mime.types", "r");
>> if(!$fp) return ($default); // no /etc/mime.types file
>> while (!feof($fp))
>> {
>> $buffer = fgets($fp, 128);
>> if (ctype_space($buffer{0}) || $buffer{0}=='#' ||
>> $buffer{0}=='\n')
>> continue; // skip empty lines. or lines starting with spaces
>> or hashes
>> sscanf($buffer, "%s %s %s %s %s %s \n",$mime_type,$extension,
>> $extension1, $extension2, $extension3, $extension4);
>> if ($ext==$extension || $ext==$extension1 || $ext==$extension2 ||
>> $ext==$extension3 || $ext==$extension4 )
>> {
>> fclose ($fp);
>> return($mime_type);
>> }
>> }
>> fclose($fp);
>> return $default;
>> }
>> ?>
>
> Needless to say, you shouldn't follow the above code exactly, as doing so
> will make it trivial for some jerk to come along and nuke your database...
>
SQL injection?
easily fixed by using printf("'%d'",id) to form the query string.
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]