WTF ... IS WTF!?
We are a collective of people who believe in freedom of speech, the rights of individuals, and free pancakes! We share our lives, struggles, frustrations, successes, joys, and prescribe to our own special brand of humor and insanity. If you are looking for a great place to hang out, make new friends, find new nemeses, and just be yourself, WTF.com is your new home.

How to save Uploaded Images on Apache Server into MySQL D/B Thru PHP???

Blaze Daily

<b>Banned - What an Asshat!</b>
146
0
0
#1
Yah dude:

I got

Code:
<?PHP

$image = imagecreatefromjpeg([$HTTP_POST_FILES[name][tmp_name]);

openDB();
$sql = "INSERT...".addslashes($image)."'";

 :)


.............
Then I try and show the database image, but it says it contains errors, and sometimes there's nothing stored in the database. I think my code sucks. WTF is wrong?
 

Blaze Daily

<b>Banned - What an Asshat!</b>
146
0
0
#3
$image = imagecreatefromjpeg($HTTP_POST_FILES['name']['tmp_name']);
header ("Content-type: image/jpeg");
imagejpeg($image;

This code actually shows the uploaded image perfectly. But I cannot actually FIND the right variable to insert into the addslashes routine???

Can someone help?
 

Jung

???
Premium
13,993
1,401
487
#4
www.php.net


Because you obviously have no grasp of php.
Blaze Daily said:
But I cannot actually FIND the right variable to insert into the addslashes routine???
Don't use addslashes/stripslashes, it's a shitty coding practice. Sanitize your input properly. Ever heard of mysql_real_escape_string?
 

Blaze Daily

<b>Banned - What an Asshat!</b>
146
0
0
#5
junglizm said:
www.php.net


Because you obviously have no grasp of php.
Don't use addslashes/stripslashes, it's a shitty coding practice. Sanitize your input properly. Ever heard of mysql_real_escape_string?
I did a google search on your command, but it seemed to open a whole can of worms. I'm thinking file uploads (images) to my forum site is not going to happen :)

I don't have a user database, just guest access at robbiedave.com so anyone can post.

I really don't have the programming skill in PHP to code a user database that couldn't be hacked.

I see file uploads also hold the same problem. Thanks for your input Jungalism. I've visited one of your sites, they're very well presented and I respect your views.
 

Jung

???
Premium
13,993
1,401
487
#6

Blaze Daily

<b>Banned - What an Asshat!</b>
146
0
0
#7
Thanks Jungalism - I appreciate the input. The blaze script you wrote (all 3) is readable.

The script inputs the data to the database. But I couldn't utilize your INSERT line, I didn't use $name, just escaped the string into a mediumblob field. I also altered the script so I only take one part of the array, [0] - this is where the image data is held, is it not?

But basically I tried your script (copy & paste with slight mod) but I got an error saying the image data is corrupted. I dunno why. Perhaps the mysql_escape_real_string() function damages the data?

How do you undo the function? Like with addslashes theres a stripslashes command. What do I do to 'restore' my corrupt image data?
 

Blaze Daily

<b>Banned - What an Asshat!</b>
146
0
0
#8
<?PHP
function opendb() {
$link=mysql_connect ("localhost", "username", "password")
or die("Could not connect to MySQL");
mysql_select_db ("database")
or die("Could not select test database");
return($link);
}
$link = opendb();
$sql = "SELECT image FROM pictures ORDER BY ID DESC LIMIT 0 , 1";
$result = mysql_query($sql,$link) or die(mysql_error());
while ($rs=mysql_fetch_array($result)) {
header("Content-type: image/jpeg");
echo "<tr><td>".$rs[0]."</td>";
}
mysql_close();
?>


This is the 'show.php' script I wrote. Basically, I upload a file to my server from a HTML form. It gets processed by the file handler script (the one that escapes the image data and inserts into the database) next I load my show script, manually, to display the image. I get an error saying the data is corrupt. How do I fix this? I read your link, but it is not got the information to 'decode' the data?

I always thought during an fread ($file, 2048) that is would fuck up if the file length didn't equal a multiply of 2048 - is this still the case? Can you cause a buffer overrun by using fread like that? Wouldn't it be better to get the filesize() to read? Or would that hog system memory? I dunno which is best. I worry about people uploading binary to my database.

It really doesn't seem to want to work on my server.

Perhaps I will not include file uploads at the site. It is simpler to copy the image to a different directory out of the /tmp folder.

Thanks again Jungalism for your directions.
 

Blaze Daily

<b>Banned - What an Asshat!</b>
146
0
0
#9
HOLY SHIT!!!

It works dude. I had those <td> tags in there the whole fuckin time! WTF!!? :)

That's why the image data was being corrupted. I dunno dude - I'm too much of a fuckin stoner to notice these tings - man, I'm laughing now. I can't believe I can sort my users some avators when I get the user database online. ;) Sweet.
 

Jung

???
Premium
13,993
1,401
487
#10
I always thought during an fread ($file, 2048) that is would fuck up if the file length didn't equal a multiply of 2048 - is this still the case? Can you cause a buffer overrun by using fread like that? Wouldn't it be better to get the filesize() to read? Or would that hog system memory? I dunno which is best. I worry about people uploading binary to my database.
Yeah, use filesize() (and limit upload size with upload_max_filesize in php.ini or htaccess), I kind of hacked that together from bits and pieces of different things to show you as pseudo code. (I was/am tired and being lazy) There are probably other retarded things in there as well. :p
 

Fire_ze_Missles

Martha Fuckin' Stewart
1,622
5
38
#11
Move the pictures to a folder, and save the location of the image to a DB? :thumbsup: At least, for size/portability of DBs, that is how I do it.
 

jamesp

In Memory...
1,714
1
0
#12
yeah, just hold meta data about the images in the database. That will slim the DB down, and be much faster.