Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2

Thread: PHP pull images

  1. #1
    New Coder
    Join Date
    Oct 2012
    Posts
    44
    Thanks
    3
    Thanked 0 Times in 0 Posts

    PHP pull images

    Ok so this is what I want to do for my site. The user will start their post and email me the image. I will put the image on the server whenever I get the chance. This is more secure in my opinion and makes sure the image is clean. I want to store the image url in the database, and somehow pull the image from that url. That way I could get an external hard drive and use it instead of the main one. How would I go about doing that?

    PHP Code:
    <?php
    session_start
    ();
    //create_cat.php
    include 'connect.php';
    include 
    'header.php';

    $sql "SELECT
                topic_id,
                topic_subject
            FROM
                topics
            WHERE
                topics.topic_id = " 
    mysql_real_escape_string($_GET['id']);
                
    $result mysql_query($sql);

    if(!
    $result)
    {
        echo 
    'The topic could not be displayed, please try again later.';
    }
    else
    {
        if(
    mysql_num_rows($result) == 0)
        {
            echo 
    'This topic doesn&prime;t exist.';
        }
        else
        {
            while(
    $row mysql_fetch_assoc($result))
            {
                
    //display post data
                
    echo '<table class="topic" border="1">
                        <tr>
                            <th colspan="2">' 
    $row['topic_subject'] . '</th>
                        </tr>'
    ;
            
                
    //fetch the posts from the database
                
    $posts_sql "SELECT
                            posts.post_topic,
                            posts.post_content,
                            posts.post_date,
                            posts.post_by,
                            users.user_id,
                            users.user_name
                        FROM
                            posts
                        LEFT JOIN
                            users
                        ON
                            posts.post_by = users.user_id
                        WHERE
                            posts.post_topic = " 
    mysql_real_escape_string($_GET['id']);
                            
                
    $posts_result mysql_query($posts_sql);
                
                if(!
    $posts_result)
                {
                    echo 
    '<tr><td>The posts could not be displayed, please try again later.</tr></td></table>';
                }
                else
                {
                
                    while(
    $posts_row mysql_fetch_assoc($posts_result))
                    {
                        echo 
    '<tr class="topic-post">
                                <td class="user-post">' 
    $posts_row['user_name'] . '<br/>' date('d-m-Y H:i'strtotime($posts_row['post_date'])) . '</td>
                                <td class="post-content">' 
    htmlentities(stripslashes($posts_row['post_content'])) . '</td>
                              </tr>'
    ;
                    }
                }
                
                if(!
    $_SESSION['signed_in'])
                {
                    echo 
    '<tr><td colspan=2>You must be <a href="signin.php">signed in</a> to reply. You can also <a href="signup.php">sign up</a> for an account.';
                }
                else
                {
                    
    //show reply box
                    
    echo '<tr><td colspan="2"><h2>Reply:</h2><br />
                        <form method="post" action="reply.php?id=' 
    $row['topic_id'] . '">
                            <textarea name="reply-content"></textarea><br /><br />
                            <input type="submit" value="Submit reply" />
                        </form></td></tr>'
    ;
                }
                
                
    //finish the table
                
    echo '</table>';
            }
        }
    }

    include 
    'footer.php';
    ?>
    <?php
    Sorry I am just very new at this

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    I don't understand; why are you getting them to email you an image and you move it for them? You can simply provide them with the form to perform the upload with; HTML only needs to provide an <input type="file" name="x"/> on it in order to allow an upload.
    For security, you then validate the input data. Check the upload status error against UPLOAD_ERR_OK to verify that its successful in upload. You then check the mimetype from the file. Finally, if you allow only images, you can read the binary file from the image, and simply provide that to the gd's imagecreatefromstring() function. If it returns a valid resource, the image is actually an image and not simply an executable mascaraing as one. Alternatively, parse the file yourself and verify the image header compared to the declared type (also in the header). This route takes more practice and knowledge of the definition of the file or knowledge on how to interpret them. Wiki should have lots of information on that, or at least links to the originating site that controls the structure.
    When verified move the file above the public_html directory. This will prevent direct access to the file. Preferrably in a directory with a umask excluding the execute, or direct chmod of even just read all is sufficient.
    Finally, you load it by writing a new script. This script's job is to take an id, compare that to your database to get the save path of the image, read the image data in (simple fread or even file_get_contents would probably do the trick [I find fopen to fpassthru is easiest]), while serving the proper header for the file. So in the DB, you'll need to store at minimum an id for it, a filepath for it (or partial), and finally a mimetype for it.
    You then access this script as if it were an image. <img src="myimages.php?id=mydbid" alt="An image."/>, and it'll serve just as a standard image.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 
    Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •