i have read many topics considering this matter, but i still have the same problem.I cant understand the logic yet i think.
so i have an image stored in one of my folders in my system and i also have the image's path registered in my database.i simply want to allow users to insert image's title to a searching form and after they press OK, i want the specific image to be displayed.
so far i have found codes like: echo '';
and they work fine for other people, but not for me
my code is the following :
<?php
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("photoshare", $con);
$Title = $_POST['Title'];
$Creator = $_POST['Creator'];
$result = mysql_query("SELECT path FROM images WHERE Title = '$Title' OR Creator = '$Creator'");
echo '<img src="' . $result . '" />';
//some code
mysql_close($con);
?>
so the problem is that no image is beign displayed.on the other hand, the icon of broken image is being displayed. if i got it right the error occurs cause i dont put what my HTTP must see or something like that.i really havent undersand it yet.
any help would be appreciated :)
Thank you both but same thing happens :/ my upload file is the following, i hope it helps :
<?php
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("photoshare", $con);
$Image_Title = $_POST['Image_Title'];
$Image_Creator = $_POST['Image_Creator'];
$Image_Date = $_POST['Image_Date'];
$Image_Genre = $_POST['Image_Genre'];
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 50000000))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
if (file_exists("../photo_album/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"../photo_album/" . $_FILES["file"]["name"]);
echo "Stored in: " . "../photo_album/" . $_FILES["file"]["name"];
$path = "photo_album/" . $_FILES["file"]["name"];
$query = "INSERT INTO images (title, creator, date, genre, path)
VALUES ('$Image_Title', '$Image_Creator', '$Image_Date', '$Image_Genre', '$path')";
}
}
}
else
{
echo "Invalid file";
}
if (!mysql_query($query, $con)) {
die("Error " . mysql_error());
}
?>
You are executing the query, but you must also retrieve the result as an array or as an object.
<?php
mysql_select_db("photoshare", $con);
// Use mysql_real_escape_string to protect yourself from SQL injection
$Title = mysql_real_escape_string( $_POST['Title'] );
$Creator = mysql_real_escape_string( $_POST['Creator'] );
$result = mysql_query("SELECT path FROM images WHERE Title = '$Title' OR Creator = '$Creator'");
$row = mysql_fetch_assoc( $result );
echo '<img src="' . $row['path'] . '" />';
Also, you are not escaping your input, which opens you up to CRITICAL security vulnerabilities. Use mysql_real_escape_string() on any user supplied input to avoid this.
Finally, the mysql extension is deprecated and you should avoid using it (The PHP.net docs list it as deprecated). Please consider using PDO instead. Here is your code rewritten using PDO:
<?php
$con = new PDO( 'mysql:host=localhost;dbname=photoshare', 'root', '' );
if ( ! $con ) {
die( 'Could not connect to the database' );
}
$stmt = $con->prepare( "SELECT path FROM images WHERE Title = :title OR Creator = :creator" );
$stmt->bindParam( ':title', $_POST['Title'] );
$stmt->bindParam( ':creator', $_POST['Creator'] );
$stmt->execute();
// Do this to output all found images
while ( $row = $stmt->fetch( PDO::FETCH_ASSOC ) ) {
echo '<img src="' . htmlentities( $row['path'] ) . '" />';
}
// OR do this to output only one image
$row = $stmt->fetch( PDO::FETCH_ASSOC );
echo '<img src="' . htmlentities( $row['path'] ) . '" />';
<?php
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("photoshare", $con);
$Title = mysql_real_escape_string( $_POST['Title'] );
$Creator = mysql_real_escape_string( $_POST['Creator'] );
$result = mysql_query("SELECT path FROM images WHERE Title = '$Title' OR Creator = '$Creator'");
$row=mysql_fetch_assoc($result);
echo '<img src="' . $row['path'] . '" />';
//some code
mysql_close($con);
?>