使用php将其保存在mysql中后无法显示图像

时间:2014-02-11 09:24:29

标签: php html mysql image

将它作为blob保存在mysql中后,我无法显示图像。有人可以帮我调试一下:

<?php
    // just so we know it is broken
    error_reporting(E_ALL);
    // some basic sanity checks
    if(isset($_GET['id'])) {
        //connect to the db
        $link = mysql_connect('localhost', 'root', '') or die("Could not connect: " . mysql_error());

        // select our database
        mysql_select_db("poll") or die(mysql_error());

        // get the image from the db
        $sql = "SELECT image FROM polldetails WHERE image_name= $id";

        // the result of the query
        $result = mysql_query("$sql") or die("Invalid query: " . mysql_error());

        // set the header for the image
        header("Content-type: image/jpg");
        echo mysql_result($result, 0);

        // close the db link
        mysql_close($link);
    }
    else {
        echo 'Please use a real id number';
    }
?>

$imgData =addslashes (file_get_contents($_FILES['file']['tmp_name']));
        $size = getimagesize($_FILES['file']['tmp_name']);
            $link = mysql_connect('localhost', 'root', '');
        if (!$link) 
        {
            die('Not connected : ' . mysql_error());
        }
        mysql_select_db ("poll") OR DIE ("Unable to select db".mysql_error());
        $sql = "INSERT INTO polldetails
                    ( poll_id, image_id , image_type ,image, image_size, image_name)
                    VALUES
                    ('1', '11', '{$size['mime']}', '{$imgData}', '{$size[3]}', '{$_FILES['file']['name']}')";

        if(!mysql_query($sql)) 
            {
                    echo 'Unable to upload file';
            }
        else
            {
                    $qry = mysql_query("SELECT * FROM polldetails where image_name = '{$_FILES['file']['name']}' ");

                    while ($row = mysql_fetch_array($qry))
                    {
                        //echo $row['image'];
                        echo "<img src=file.php?id=".$row["image_name"]." height=200 width=200>";   

                    }
            }

**file.php**
<?php
    // just so we know it is broken
    error_reporting(E_ALL);
    // some basic sanity checks
    if(isset($_GET['id'])) {
        //connect to the db
        $link = mysql_connect('localhost', 'root', '') or die("Could not connect: " . mysql_error());

        // select our database
        mysql_select_db("poll") or die(mysql_error());

        // get the image from the db
        $sql = "SELECT image FROM polldetails WHERE image_name= $id";

        // the result of the query
        $result = mysql_query("$sql") or die("Invalid query: " . mysql_error());

        // set the header for the image
        header("Content-type: image/jpg");
        echo mysql_result($result, 0);

        // close the db link
        mysql_close($link);
    }
    else {
        echo 'Please use a real id number';
    }
?>

显示损坏的图像链接,并通过firebug检查元素,显示未找到网址。两个文件都驻留在同一个目录中。我正在使用xampp。

1 个答案:

答案 0 :(得分:0)

在file.php中,未设置$ id变量:

$id = $_GET[];

你的sql中也有错误:

$sql = "SELECT image FROM polldetails WHERE image_name= '$id'";

不要忘记$ id周围的单引号。

顺便说一下:你的代码对于sql注入是有效的。

相关问题
最新问题