I'm not sure if this solves your problem, but addslashes escapes BOTH single and double quotes. Use str_replace("'", "\\'", ....) instead.

Guru Geek wrote:

Hello,

I went to bed last night and this was working.  I woke up this morning
and something has happened or someone has tampered with it.  I have
noticed that the LONGBLOB in the database which stores the actual binary
of the image states that it contains 25.3k and the actual 'image_size'
field states 25.9k and I'm wondering if something is trimming part of
the image off.  Can anyone out there in PHP land spot an error in my
code that would create a problem like this?  When I try to view the
photos it returns "the picture you are trying to view contains errors".

HERE'S THE CODE FOR INSERTING PHOTOS INTO THE DATABASE:

if ($userpic != "none")
  {
    $image = addslashes (fread(fopen($HTTP_POST_FILES["userpic"]["tmp_name"], "r"),
                       filesize($HTTP_POST_FILES["userpic"]["tmp_name"])));
    $File_name = strtolower($HTTP_POST_FILES["userpic"]["name"]);
    $File_size = $HTTP_POST_FILES["userpic"]["size"];
    $File_type = strtolower($HTTP_POST_FILES["userpic"]["type"]);

    function filecheck($File_name)
    {
     $ext = strrchr($File_name, ".");
     $image_type = array (".png", ".jpg", ".jpeg", ".bmp", ".gif", ".tif", ".tiff", ".pcx");
     if ( in_array ($ext, $image_type) )
    {
    global $goodext;
     $goodext = 1;
    }
    }

    filecheck($File_name);
    if (!$goodext)
    {
    echo "Your photo is not in a valid format.<br>";
   exit;
    }
  } else {
  $File_name = " ";
  }

$db_host="localhost";
$db_user="";
$db_pass="";
$db_db="main";
mysql_connect($db_host,$db_user,$db_pass) or die(mysql_error());
mysql_select_db($db_db) or die(mysql_error());

$do= "INSERT INTO table
(name,email,age,location,interests,about,image,image_type,image_size,image_name)
VALUES
('$name','$email','$dobtimestamp','$location','$interests','$about','$image','$File_type','$File_size','$File_name')";

$r=mysql_query($do) or die(mysql_error());

HERE'S THE CODE FOR VIEWING SAID PHOTOS:
$r=mysql_query("SELECT
name,email,age,location,interests,about,image_size FROM table WHERE
name='$name'");
$a=mysql_fetch_array($r);
if ($a['image_size'] > 0)
  {
   print "<img src='getimage.php?name=$name' border=2></img>";
  }

HERE'S THE CODE FOR getimage.php:
<?php
$query = mysql_query("SELECT image,image_type,image_size FROM table
WHERE name = '$name'");
$image = @mysql_result($query,0,"image");
$image_type = @mysql_result($query,0,"image_type");
$image_size = @mysql_result($query,0,"image_size");
Header( "Content-type: $image_type");
Header( "Content-Length: $image_size");
echo $image;
?>

Thank all of you in advance,
Rog





--
PHP General Mailing List (http://www.php.net/)
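
Added example, not part of the original thread and not either poster's code: the same store-and-fetch flow with the image and the name bound as statement parameters, so no quote-escaping step touches the bytes and the recorded size is the length of what was actually stored. Assumptions: a hypothetical table named profiles, SQLite in memory standing in for MySQL, a temp file standing in for the upload's tmp_name, and constructed sample bytes.

```php
<?php
// Added example. Assumptions: table "profiles", SQLite in memory in place of MySQL.
const ALLOWED_TYPES = ['image/png', 'image/jpeg', 'image/gif'];
function store_image(PDO $db, string $name, string $path, string $origName): int
{
    // file_get_contents() reads in binary mode on every platform.
    $bytes = file_get_contents($path);
    if ($bytes === false || strlen($bytes) !== filesize($path)) {
        throw new RuntimeException('could not read the whole file');
    }
    // Take the type from the content, not from the client-supplied name or MIME type.
    $type = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if (!in_array($type, ALLOWED_TYPES, true)) {
        throw new RuntimeException("rejected content type: $type");
    }
    $st = $db->prepare('INSERT INTO profiles (name, image, image_type, image_size, image_name)
                        VALUES (?, ?, ?, ?, ?)');
    $st->bindValue(1, $name);
    $st->bindValue(2, $bytes, PDO::PARAM_LOB);   // bound as data, never spliced into SQL
    $st->bindValue(3, $type);
    $st->bindValue(4, strlen($bytes), PDO::PARAM_INT);
    $st->bindValue(5, basename($origName));
    $st->execute();
    return strlen($bytes);
}

function load_image(PDO $db, string $name): ?array
{
    $st = $db->prepare('SELECT image, image_type FROM profiles WHERE name = ?');
    $st->execute([$name]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false) { return null; }
    // getimage.php would send these two headers, then echo $row['image'].
    $row['headers'] = ['Content-Type: ' . $row['image_type'],
                       'Content-Length: ' . strlen($row['image'])];
    return $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE profiles (name TEXT, image BLOB, image_type TEXT, image_size INT, image_name TEXT)');
// Constructed sample: a 1x1 GIF plus NUL, quote and backslash bytes.
$sample = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7') . "\0'\"\\";
$tmp = tempnam(sys_get_temp_dir(), 'img');   // stands in for the upload's tmp_name
file_put_contents($tmp, $sample);
$size = store_image($db, "o'brien", $tmp, 'photo.gif');
$row = load_image($db, "o'brien");
var_dump($size === strlen($sample), $row['image'] === $sample, $row['headers']);
unlink($tmp);
```

In a real upload handler, check is_uploaded_file() on the tmp_name before reading it.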