0

I am in the early stage of developing a bidding system whereby users are able to insert items that they want to sell. Here is the script to copy the image from the temporary path and store the path of the image to another folder.

    define ("MAX_SIZE","10000");

    //This function reads the extension of the file. It is used to determine if the file is an image by checking the extension.
    function getExtension($str) {
        $i = strrpos($str,".");
        if (!$i) {
            return "";
        }
        $l = strlen($str) - $i;
        $ext = substr($str,$i+1,$l);
        return $ext;
    };

    //This variable is used as a flag. The value is initialized with 0 (meaning no error found) and it will be changed to 1 if an errro occures. If the error occures the file will not be uploaded.
    $errors = 0;

    //Checks if the form has been submitted
    if (isset($_POST['Submit']))
    {
        //Reads the name of the file the user submitted for uploading
        $image=$_FILES['image']['name'];

        //If it is not empty
        if ($image)
        {
            //Get the original name of the file from the clients machine
            $filename = stripslashes($_FILES['image']['name']);

            //Get the extension of the file in a lower case format
            $extension = getExtension($filename);
            $extension = strtolower($extension);

            //If it is not a known extension, we will suppose it is an error and will not upload the file, otherwize we will do more tests
            if (($extension != "jpg") &&
                ($extension != "jpeg") &&
                ($extension != "png") &&
                ($extension != "gif"))
            {
                //Print error message
                echo '<h1>Unknown extension!</h1>';
                $errors=1;
            }
        else
        {
            //Get the size of the image in bytes
            //$_FILES['image']['tmp_name'] is the temporary filename of the file in which the uploaded file was stored on the server
            $size=filesize($_FILES['image']['tmp_name']);

            //Compare the size with the maxim size we defined and print error if bigger
            if ($size > MAX_SIZE*111111111111024)
            {
                echo '<h1>You have exceeded the size limit!</h1>';
                $errors=1;
            }

            //We will give an unique name, for example the time in Unix time format
            $image_name=time().'.'.$extension;

            //The new name will be containing the full path where will be stored (images folder).
            $imagepath='C:\\xampp\\htdocs\\biddingsystem\\Images\\' . $image_name;

            //We verify if the image has been uploaded, and print an error instead
            $copied = copy($_FILES['image']['tmp_name'], $imagepath);
            if (!$copied)
            {
                echo '<h1>Picture upload failed!</h1>';
                $errors=1;
            }
        }
    }
}

//If no errors registred, print the success message
if(isset($_POST['Submit']) && !$errors && isset($_POST['image']))
{
    echo "<h1>Picture Uploaded Successfully! Try again!</h1>";
}

Then, I inserted the image path along with other data to a MySQL database with the script below and tried to display them back to the user using a table. Other data worked out fine but for the image display (imagepath), only the path of the image gets displayed, not the image itself.

mysql_query("INSERT INTO items
    (username, item, price, description, start_date, start_time, imagepath)
    VALUES    ('$username', '$_POST[item]', '$_POST[price]', '$_POST[description]','$_POST[start_date]', '$_POST[start_time]', '$imagepath') ")
    or die ("Error - Couldn't add item");

    echo "Item added successfully";
    echo "<h1>You have added the following item:</h1>";
    $sql = "SELECT item, price, description, start_time, start_date, imagepath FROM items WHERE username = '$username' AND item='$_POST[item]'";
    $result = mysql_query($sql);

$row = mysql_fetch_assoc($result);
echo"<table border=2>

         <tr><td>Item</td>
             <td>Price</td><td>Description</td><td>Start time</td><td>Start date</td><td>Picture</td></tr>

         <tr><td> $row[item]</td>
              <td> $row[price]</td>
              <td> $row[description]</td>
             <td> $row[start_time]</td>
             <td> $row[start_date]</td>
             <td> $row[imagepath]</td>
         </tr>
     </table></br>";

I have tried using <img src="<?php $imagepath ?>"> to show the image but to no avail. I have even tried storing the actual image itself in the database using the BLOB type. However, the result is a page filled with strange characters. How do I fix this problem?

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
user1033038
  • 141
  • 3
  • 15

2 Answers2

1

You are confusing the filesystem path and web URL. You have to store only /biddingsystem/Images/ part or even just only name and generate full path dynamically at display time.

Also note that you aren't formatting your data properly, which will lead to some bugs and security vulnerabilities. I've explained formatting rules in my earlier answer, to Stack Overflow question How to include a PHP variable inside a MySQL insert statement.

Community
  • 1
  • 1
Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
  • Have changed it to a relative path and the warning below shows: Warning: copy(/biddingsystem/Images/1320662886.jpg) [function.copy]: failed to open stream: No such file or directory in C:\xampp\htdocs\biddingsystem\auction.php on line 87 – user1033038 Nov 07 '11 at 10:49
  • Btw, I have changed that line to this: $imageData='/biddingsystem/Images/'.$image_name; – user1033038 Nov 07 '11 at 10:51
  • $copied = copy($_FILES['image']['tmp_name'], $imageData); <<---line87 – user1033038 Nov 07 '11 at 10:53
  • you should still use filesystem path for the filesystem operation such as copy() – Your Common Sense Nov 07 '11 at 10:57
  • Okay, so the path name is successfully stored in mysql column. In that column, it reads : /xampp/htdocs/biddingsystem/Images/1320667841.jpg. I believe the path is correct now as the images showed up at that folder. However when I tried to output the picture by using "", there is still no output. – user1033038 Nov 07 '11 at 12:16
  • it is incorrect path. it should be /biddingsystem/Images/1320667841.jpg i believe – Your Common Sense Nov 07 '11 at 12:34
  • Thanks. The picture showed out correctly after I put two periods in front of the path:- $imageData='../biddingsystem/Images/'.$image_name; – user1033038 Nov 07 '11 at 13:12
0

If you want to go with the first solution, displaying from a path, make sure you're pointing to the image in an accessible path. From the code you listed, it looks like $imagepath is a file:// path. On a web server, you'll have to map that to a relative web path.

If you decide to go with the BLOB, the best method is to make a separate page that serves images. Your output image tags should point to that and you need to change the content type in the header of the image service page.

ssamuel
  • 427
  • 3
  • 6