vet911 Posted July 1, 2014 Share Posted July 1, 2014 I can't get images to show up in my script. They show up as broken images and I can figure it out. I think it's a problem with (') or this ("). Any help would be appreciated. $query = 'SELECT * FROM images'; $stmt = $dbh->prepare($query); $stmt->execute(); $counter = 0; $numberperrow = 3; while($row = $stmt->fetch()) { if($counter < $numberperrow) { echo '<img src='.$row['image_th'].' width=200>'; /**$counter = $counter + 1;**/ echo ' '; $counter = $counter + 1; }else{ echo '<br>'; $counter = '1'; echo '<img src='.$row['image_th'].' width=200>'; echo ' '; } } } catch(PDOException $e) { echo $e->getMessage(); } Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted July 1, 2014 Share Posted July 1, 2014 Dumping unescaped values into your HTML document is a very bad idea. Dumping them into unquoted attributes is even worse. The broken images are actually a rather harmless symptom, you can easily run into much severe bugs or even security vulnerabilities. Always escape input and quote attributes. So in your case, you want something like this: <?php echo '<img src="'.html_escape($row['image_th']).'" width="200">'; function html_escape($raw_input) { // If you're not using UTF-8 as the document encoding, adjust this accordingly. return htmlspecialchars($raw_input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); } Quote Link to comment Share on other sites More sharing options...
vet911 Posted July 2, 2014 Author Share Posted July 2, 2014 Thanks for your explanation, it definetly made a difference in the code output but the picture still doesn't show up. Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted July 2, 2014 Share Posted July 2, 2014 Well, I'm not sitting next to you, so you'll have to be a bit more concrete. What does the src attribute look like? Is this what you expected? Why does it not point to an existing image? Quote Link to comment Share on other sites More sharing options...
vet911 Posted July 4, 2014 Author Share Posted July 4, 2014 Okay, I have found the problem, the file names in the directory were not what I was looking for. This has been corrected thanks to your help. I now have another problem my query works fine but I want to change it to show only the files that are listed with a "1" in the column. This is what I'm trying but it doesn't work. The error message is: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'show =1' at line 1 This is my changed code. I appreciate any help provided. Thank you. $query = 'SELECT * FROM images WHERE show =1'; $stmt = $dbh->prepare($query); $stmt->execute(); $counter = 0; $numberperrow = 3; echo '<center>'; while($row = $stmt->fetch()) { if($counter < $numberperrow) { echo '<a href="'.html_escape($row['image']).'"><IMG SRC = "'.html_escape($row['image_th']).'" width="200">'; echo $row['id'] . "\t" . $row['description'] . "\n"; /**$counter = $counter + 1;**/ echo ' '; $counter = $counter + 1; }else{ echo '<br>'; $counter = '1'; echo '<a href="'.html_escape($row['image']).'"><img src="'.html_escape($row['image_th']).'" width="200">'; echo $row['id'] . "\t" . $row['description'] . "\n"; echo ' '; } } Quote Link to comment Share on other sites More sharing options...
Solution mac_gyver Posted July 4, 2014 Solution Share Posted July 4, 2014 show is a reserved mysql keyword. to use it as a column name, you must surround it with back-ticks `` i recommend renaming the column so that it isn't a reserved keyword so that you don't need to do anything special for it. Quote Link to comment Share on other sites More sharing options...
vet911 Posted July 4, 2014 Author Share Posted July 4, 2014 Worked perfect, thanks for the help. Renamed it to picture. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.