Code: Select all
<?php
//This file inserts the main image into the images table.
//address error handling
ini_set ('display_errors', 1);
error_reporting (E_ALL & ~E_NOTICE);
//authenticate user
//Start session
session_start();
//Connect to database
require ('config.php');
//Check whether the session variable id is present or not. If not, deny access.
if(!isset($_SESSION['id']) || (trim($_SESSION['id']) == '')) {
header("location: access_denied.php");
exit();
}
else{
// Check to see if the type of file uploaded is a valid image type
function is_valid_type($file)
{
// This is an array that holds all the valid image MIME types
$valid_types = array("image/jpg", "image/jpeg", "image/bmp", "image/gif");
if (in_array($file['type'], $valid_types))
return 1;
return 0;
}
// Just a short function that prints out the contents of an array in a manner that's easy to read
// I used this function during debugging but it serves no purpose at run time for this example
function showContents($array)
{
echo "<pre>";
print_r($array);
echo "</pre>";
}
// Set some constants
// This variable is the path to the image folder where all the images are going to be stored
// Note that there is a trailing forward slash
$TARGET_PATH = "images/";
// Get our POSTed variable
$image = $_FILES['image'];
// Sanitize our input
$image['name'] = mysql_real_escape_string($image['name']);
// Build our target path full string. This is where the file will be moved to
// i.e. images/picture.jpg
$TARGET_PATH .= $image['name'];
// Make sure all the fields from the form have inputs
if ( $image['name'] == "" )
{
$_SESSION['error'] = "All fields are required";
header("Location: member.php");
exit;
}
// Check to make sure that our file is actually an image
// You check the file type instead of the extension because the extension can easily be faked
if (!is_valid_type($image))
{
$_SESSION['error'] = "You must upload a jpeg, gif, or bmp";
header("Location: member.php");
exit;
}
// Here we check to see if a file with that name already exists
// You could get past filename problems by appending a timestamp to the filename and then continuing
if (file_exists($TARGET_PATH))
{
$_SESSION['error'] = "A file with that name already exists";
header("Location: member.php");
exit;
}
// Lets attempt to move the file from its temporary directory to its new home
if (move_uploaded_file($image['tmp_name'], $TARGET_PATH))
{
// NOTE: This is where a lot of people make mistakes.
// We are *not* putting the image into the database; we are putting a reference to the file's location on the server
$sql = "insert into images (member_id, image_cartegory, image_date, image) values ('{$_SESSION['id']}', 'main', NOW(), '" . $image['name'] . "')";
$result = mysql_query($sql) or die ("Could not insert data into DB: " . mysql_error());
header("Location: images.php");
echo "File uploaded";
exit;
}
else
{
// A common cause of file moving failures is because of bad permissions on the directory attempting to be written to
// Make sure you chmod the directory to be writeable
$_SESSION['error'] = "Could not upload file. Check read/write persmissions on the directory";
header("Location: member.php");
exit;
}
} //End of if session variable id is not present.
?>
Now the problem is, I can't figure out exactly how to write the script that displays the image on an html page. I used the following script which didn't work.
Code: Select all
//authenticate user
//Start session
session_start();
//Connect to database
require ('config.php');
$sql = mysql_query("SELECT* FROM images WHERE member_id = '".$_SESSION['id']."' AND image_cartegory = 'main' ");
$row = mysql_fetch_assoc($sql);
$imagebytes = $row['image'];
header("Content-type: image/jpeg");
print $imagebytes;