从数据库php mysql检索时，图像显示为空白

Question

我有四个文件：

1. main.php我的html提交表单，用图像提交图像和文字

2. storeinfo.php它将我的所有数据从html表单发送到它工作的数据库，表单中的图像和文本都已成功提交

3. image.php从数据库中提取图像，并有一个标题函数将aimagetype转换为图像为png，jpeg等的任何格式。

4. show.php获取随图像一起发布的所有文本，并显示带有文本的所有图像，但是图像不会显示，而是当图像无法显示时我得到一个空白框。

我找不到我的错误，我猜它与image.php中的标题函数有关，或者当我尝试在show.php中显示带有html img标记的图像时。 / strong>将映像（存储为blob）上载到数据库成功。 为什么图像不显示？

每页按顺序编码：

1. main.php html表单

   <form enctype="multipart/form-data" action="storeinfo.php" method="POST">
   
   <table border=0 align=center bgcolor=black width=100%>
   <tr><td colspan=2><h2>&nbsp</h2></td></tr>
   </table>
   
   
   <table border=0 align=center bgcolor=grey>
   <tr><td colspan=2><h2>Animal Information</h2></td></tr>
   <tr>
   <td>Name</td><td><input type=text name="aname"></td>
   </tr>
   <tr>
   <td>Description</td><td><input type=text name="adetails"></td>
   </tr>
   <tr>
   <td>Photo</td><td><input type=file name="aphoto"></td>
   </tr>
   <tr>
   <td></td><td><input type=submit name="submit" value="Store Information"></td>
   </tr>
   </table>
   </form>
   

2. storeinfo.php

   <?php
   $conn = mysql_connect("localhost","root","");
   if(!$conn)
   {
   echo mysql_error();
   }
   $db = mysql_select_db("imagestore",$conn);
   if(!$db)
   {
   echo mysql_error();
   }
   $aname = $_POST['aname'];
   $adetails = $_POST['adetails'];
   $aphoto = addslashes (file_get_contents($_FILES['aphoto']['tmp_name']));
   $image = getimagesize($_FILES['aphoto']['tmp_name']);//to know about image type etc
   
   $imgtype = $image['mime'];
   
   $q ="INSERT INTO animaldata VALUES('','$aname','$adetails','$aphoto','$imgtype')";
   
   $r = mysql_query($q,$conn);
   if($r)
   {
   echo "Information stored successfully";
   }
   else
   {
   echo mysql_error();
   }
   ?>
   

3. image.php

   <?php
   
   $conn = mysql_connect("localhost","root","");
   if(!$conn)
   {
   echo mysql_error();
   }
   $db = mysql_select_db("imagestore",$conn);
   if(!$db)
   {
   echo mysql_error();
   }
   $id = $_GET['id'];
   $q = "SELECT aphoto,aphototype FROM animaldata where id='$id'";
   $r = mysql_query("$q",$conn);
   if($r)
   {
   
   $row = mysql_fetch_array($r);
   $type = "Content-type: ".$row['aphototype'];
   header($type);
   echo $row['aphoto'];
   }
   else
   {
   echo mysql_error();
   }
   
   ?>
   

4. show.php

   <?php
   //show information
   
   
   $conn = mysql_connect("localhost","root","");
   if(!$conn)
   {
   echo mysql_error();
   }
   $db = mysql_select_db("imagestore",$conn);
   if(!$db)
   {
   echo mysql_error();
   }
   
   $q = "SELECT * FROM animaldata";
   $r = mysql_query("$q",$conn);
   if($r)
   {
   while($row=mysql_fetch_array($r))
   {
   //header("Content-type: text/html");
   echo "</br>";
   echo $row['aname'];
   echo "</br>";
   echo $row['adetails'];
   echo "</br>";
   
   //$type = "Content-type: ".$row['aphototype'];
   //header($type);
   
    //$lastid = mysql_insert_id();
   // $lastid = $lastid;
    //echo "Your image:<br /><img src=image.php?id=$lastid />";
   
   echo "<img src=image.php?id=".$row['id']." width=300 height=100/>";
   
   
   }
   }
   else
   {
   echo mysql_error();
   }
   
   
   ?>
   

Answer 1

首先，我找到了如何做你想要做的事情的教程： http://www.mysqltutorial.org/php-mysql-blob/

第二，你应该使用mysql_escape_string（file_get_contents（$ _ FILES ['aphoto'] ['tmp_name']））而不是addshlashes。

根据这两条规则，您应该能够找出代码的错误，您也可以尝试使用较小的图片。

Answer 2

您的代码存在许多问题，但最值得注意的是您使用的是deprecated mysql functions，而且您的代码容易受SQL injection attack攻击。

我已重写storeinfo.php和image.php以使用mysqli扩展名并使用参数绑定来缓解SQL注入。我将重写show.php作为练习。

请注意，我对表的结构做了一些假设，因此您可能需要对SQL代码进行一些调整。

<强> storeinfo.php

$aname = $_POST['aname'];
$adetails = $_POST['adetails'];
$aphoto = file_get_contents($_FILES['aphoto']['tmp_name']);
$image = getimagesize($_FILES['aphoto']['tmp_name']);//to know about image type etc
$imgtype = $image['mime'];

$conn = new mysqli("localhost","root","", "imagestore");
if ($conn->connect_errno) {
    echo "Failed to connect to MySQL: (" . $conn->connect_errno . ") " . $conn->connect_error;
}

if (!($stmt = $conn->prepare("INSERT INTO animaldata (aname, adetails, aphoto, aphototype) VALUES(?, ?, ?, ?)"))) {
    echo "Prepare failed: (" . $conn->errno . ") " . $conn->error;
}
if (!$stmt->bind_param("ssbs", $aname, $adetails, $aphoto, $imgtype)) {
    echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
}
$stmt->send_long_data(2, $aphoto);

if (!$stmt->execute()) {
    echo "Insert failed: (" . $conn->errno . ") " . $conn->error;
} else {
    echo "Information stored successfully";
}

<强> image.php

$conn = new mysqli("localhost","root","", "imagestore");
if ($conn->connect_errno) {
    echo "Failed to connect to MySQL: (" . $conn->connect_errno . ") " . $conn->connect_error;
}

if (!($stmt = $conn->prepare("SELECT aphoto, aphototype FROM animaldata where id=?"))) {
    echo "Prepare failed: (" . $conn->errno . ") " . $conn->error;
}
if (!$stmt->bind_param("i", $_GET['id'])) {
    echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
}

if (!$stmt->execute()) {
    echo "Select failed: (" . $conn->errno . ") " . $conn->error;
} else {
    $stmt->bind_result($aphoto, $aphototype);
    $stmt->fetch();

    header("Content-type: ".$aphototype);
    echo $aphoto;
}