[SOLVED] Problem extracting images from a database

[Athgar]

I have a script view-image.php, that should output an image to the browser as follows :

 

$query = mysql_query('SELECT ' .$field. ' FROM ' .$tableName. ' WHERE ' .$tableID. '=' . mysqlSafeNumber($id));

 

$array = mysql_fetch_array($query);

 

header("Content-type: image/gif");

 

echo $array[$field];

 

$field here is the name of a longblob field storing the image.

 

Instead, all that happens is the URL of the script is output to the browser.  I know that the connection to the database is fine and that data is being retrieved, if the header line is commented out then a stream of data is printed to the browser and shows up as gibberish text.

 

My suspicion is that the problem lies in the configuration of the web server I am using because this code was left to me by someone else that apparently had it running fine.  I am running Windows XP, Apache 2.2, PHP 5.2.5 and MySQL 5.0.45

 

I'd be most appreciative to anyone who can help with this issue

[bogeyman]

When you store the image to database, do you use addslashes() function?

 

I ever made the script for upload and download. When I upload a file to database, I store it with statement like this:

 

mysql_query("INSERT INTO upload (filename, filesize, filetype, content) 
VALUES ('".$name."','".$length."','".$type."','".addslashes($content)."')");

 

And, In my download script, I use script like this:

 

$result=mysql_query("SELECT filetype, filesize, filename, content FROM upload WHERE id='".mysql_escape_string($_GET['fileid'])."'");

if(mysql_num_rows($result)>0){
$data=mysql_fetch_row($result);
header("Content-Type:".$data[0]);
header("Content-Length:".$data[1]);
header("Content-Disposition: attachment; filename=".$data[2]);
echo $data[3];
}

 

I don't think the problem is in your web server configuration. By the way, are you sure the image type is "image/gif"?

[Athgar]

When you store the image to database, do you use addslashes() function?

This is a difficult question to answer, the code that was left to me only extracts, there is no mechanism to add an image to the database (another third party was supposed to code that side of the system and failed to do so) so I'm not sure what the input method the developer used when they had it working.

 

I did however make my own upload script that did use addslashes() and that didn't have any effect on the output I observed

 

 

 

I don't think the problem is in your web server configuration. By the way, are you sure the image type is "image/gif"?

 

Again, I did not write this line of code but I did try both changing the image type sent in the header and the type of image in the database itself with no change in result

[premiso]

Have you tried turning on error_reporting and setting display_errors to 1 to make sure that any errors are being displayed?

 

error_reporting(E_ALL);
init_set("display_errors", 1);

 

Other than that, are you sure the image type was input to the database properly?

 

Sorry if this is all repetitive, but from the looks of the code, and your statements, everything looks good from this end.

[Athgar]

I wrote a fresh pair of scripts based on what bogeyman posted to test if I could get anything working

 

I have an upload form :

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
    <head><title>File Upload To Database</title></head>
    <body>
        <h3>Please Choose a File and click Submit</h3>

        <form enctype="multipart/form-data" action="upload.php"; method="post">
            <input type="hidden" name="MAX_FILE_SIZE" value="10000000" />
            <input name="userfile" type="file" />
            <input type="submit" value="Submit" />
        </form>
    </body>
</html>

 

an upload script :

// prepare the image for insertion
        $imgData =addslashes (file_get_contents($_FILES['userfile']['tmp_name']));
        // $imgData = addslashes($_FILES['userfile']);

        // get the image info..

   		$type = $_FILES['userfile']['type'];
        $name = $_FILES['userfile']['name'];
        $length = $_FILES['userfile']['size'];


        // put the image in the db...
          // database connection
          mysql_connect(...);

          // select the db
          mysql_select_db (...) OR DIE ("Unable to select db".mysql_error());

        // our sql query
        $sql = "INSERT INTO testblob (filename, filesize, filetype, image)
VALUES ('".$name."','".$length."','".$type."','".$imgData."')";

        if(!mysql_query($sql)) {
            echo 'Unable to upload file';
            }

 

and an extraction script :

 

$result=mysql_query("SELECT filetype, filesize, filename, image FROM testblob WHERE image_id='".mysql_escape_string($_GET['image_id'])."'");

if(mysql_num_rows($result)>0){
   $data=mysql_fetch_row($result);
   header("Content-Type:".$data[0]);
   header("Content-Length:".$data[1]);
   header("Content-Disposition: attachment; filename=".$data[2]);
   echo $data[3];
}

 

My findings are as follows :

 

The file does get added to the DB, the type, name and size are all fine

 

When I run the view script, a download dialog opens, after downloading it has the same file size but it isn't a valid image any more

 

If I comment the content-disposition line out I once again get the url of the script printed to the browser

 

Adding

 

error_reporting(E_ALL);
init_set("display_errors", 1);

 

resulted in no output at all

 

 

Attached are the images before (Sylar.jpg) being uploaded and after (Sylar2.JPG)

 

 

 

[attachment deleted by admin]

[PFMaBiSmAd]

If you view the image in an editor, you will note the escaped characters. The magic_quotes_runtime setting in ON on your server and is escaping data retrieved from the database. You can and should turn this setting off (it has been removed in php6 due to problems and wasted processing time it causes.)

[Athgar]

Many thanks.  The code now works nicely