Motivated by this post https://security.stackexchange.com/questions/32852/risks-of-a-php-image-upload-form I want to display my images by
<?php $pathToPicture = "server/www/images/imagexyz1823014719102714123.png"; ?>
<img src="/resources/php/showImage.php" >
where showImage.php is simply given by
<?php
header('Content-Type: image/jpeg');
readfile($pathToPicture);
?>
But how can I pass the variable $pathToPicture to showImage.php? I do not want to hard-code $pathToPictue into showImage.php.
答案 0 :(得分:1)
将image的路径作为get参数传递给showImage.php脚本,如。
wmctrl在这里,你可以从<?php $pathToPicture = "server/www/images/imagexyz1823014719102714123.png"; ?>
<img src="/resources/php/showImage.php?pathToPicture=<?php echo $pathToPicture;?>" >
数组传递变量:
$_GET为此,我建议为<?php
header('Content-Type: image/jpeg');
readfile($_GET['pathToPicture']);
?>
建议使用base64_encode和base64_decode。也不要像这样公开地暴露图像位置的整个路径。看看下面改进的代码
pathToPicture