shan Posted September 20, 2015

Guys, I'm trying to output photos from the user's folder but it is not showing up. The system works like this: I try to insert the filename based on time and reference it within the user gallery folder, and then try to output it. But it is not showing up, though it is inserting values in the table. Here is the code for photo_sys.php:

```php
include '../includes/dbconfig.inc.php';
$photo= $_FILES['photo'];
print_r($photo);
if ($photo) {
    $name=basename($_FILES['photo']['name']);
    $t_loc=$_FILES['photo']['tmp_name'];
    $fileType = $_FILES["photo"]["type"];
    $fileSize = $_FILES["photo"]["size"];
    $fileErrorMsg = $_FILES["photo"]["error"];
    $kaboom = explode(".", $name);
    $fileExt = end($kaboom);
    $db_file_name = date("DMjGisY")."".rand(1000,9999).".".$fileExt;
    list($width, $height) = getimagesize($t_loc);
    if($width < 10 || $height < 10){
        header("location: ../message.php?msg=ERROR: That image has no dimensions");
        exit();
    }
    if($fileSize > 2000000) {
        header("location: ../message.php?msg=ERROR: Your image file was larger than 2mb");
        exit();
    } else if (!preg_match("/\.(gif|jpeg|jpg|png)$/i", $name) ) {
        header("location: ../message.php?msg=ERROR: Your image file was not jpg, gif or png type");
        exit();
    } else if ($fileErrorMsg == 1) {
        header("location: ../message.php?msg=ERROR: An unknown error occurred");
        exit();
    }
    $sql = "SELECT DISTINCT gallery FROM photos WHERE user='{$_SESSION['uname']}'";
    $stmth=$conn->prepare($sql);
    $stmth->execute();
    $fetch=$stmth->fetch(PDO::FETCH_ASSOC);
    $gallery=$fetch['gallery'];
    $dir1="../user/{$_SESSION['uname']}";
    $moveResult=move_uploaded_file($t_loc, $dir1.'/'.$name);
    if($moveResult){
        echo 'upload successful';
        include_once("img_resize.php");
        $wmax = 800;
        $hmax = 600;
        if($width > $wmax || $height > $hmax){
            $target_file = "../user/$log_username/$name";
            $resized_file = "../user/$log_username/$name";
            img_resize($target_file, $resized_file, $wmax, $hmax, $fileExt);
        }
        $sql="INSERT INTO photos(user, gallery, filename, upload_date) VALUES ('{$_SESSION['uname']}','$gallery','$db_file_name',now())";
        $stmth=$conn->prepare($sql);
        $stmth->execute();
        header("location: ../home.php?u={$_SESSION['uname']}");
        exit();
    } else {
        echo "file not uploaded";
    }
}
```

Here is the output code for the gallery in home.php:

```php
<div id="tabs-4" class="tab-pane fade gal_photos">
<?php
if ($_SESSION['uname']!="") {
    echo '<form id="photoform" enctype="multipart/form-data" method="post" action="others/photo_sys.php">'
       . '<h3> Hi '.$_SESSION["uname"].' please add a photo:<br>'
       . '<input type="file" name="photo" accept="image/*" required>'
       . '<p><input type="submit" class="upload_button" name="up_img" value="Upload Photos"></p></form>';
    //select the user galleries
    $sql = "SELECT DISTINCT gallery FROM photos WHERE user='{$_SESSION['uname']}'";
    $stmth=$conn->prepare($sql);
    $stmth->execute();
    $fetch=$stmth->fetch(PDO::FETCH_ASSOC);
    $gallery=$fetch['gallery'];
    $id=$fetch['id'];
    $sql1="SELECT filename FROM photos WHERE user='{$_SESSION['uname']}' AND gallery='$gallery' And id='$id' ORDER BY RAND() LIMIT 1";
    $stmth1=$conn->prepare($sql1);
    $stmth1->execute();
    $fet=$stmth1->fetch(PDO::FETCH_ASSOC);
    $dir="user/{$_SESSION['uname']}";
    while ($row1 = $fet) {
        $file=$row1['filename'];
        echo '<img src="$dir/$file" alt="$file"><br><br>';
    }
} else {
    echo 'please login to upload photos';
}
?>
</div>
```

hansford Posted September 20, 2015

I'm probably missing something, but why do you need 2 queries to get the data you require?

```php
$sql1="SELECT DISTINCT filename,gallery FROM photos WHERE user='{$_SESSION['uname']}' ORDER BY RAND() LIMIT 1";
```

Ch0cu3r Posted September 20, 2015 (Solution)

First, if you are going to use prepared queries ($pdo->prepare()), you should be binding the values to be used in the query to placeholders. If you are using variables directly in the query then that will not be protecting you from SQL injection.

Manual pages on prepared queries/binding values:
http://php.net/manual/en/pdo.prepared-statements.php
http://php.net/manual/en/pdostatement.bindparam.php
http://php.net/manual/en/pdostatement.execute.php

2) In photo_sys.php you are using a variable called $log_username. This is not defined in the code you posted. Did you mean to use $_SESSION['uname']?

3) As hansford said, there is no need for the two queries. You should merge them into one as suggested. But is the query supposed to get all the user's uploaded photos? If so then remove LIMIT 1 from the query. You then need to change

```php
while ($row1 = $fet)
```

to be

```php
while ($row1 = $stmth1->fetch(PDO::FETCH_ASSOC))
```
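
The three points in the answer above, as an added example that is not part of the original thread: values bound to placeholders, a single query without LIMIT 1, and fetch() called in the loop condition. It assumes the pdo_sqlite extension and uses a constructed in-memory photos table, constructed sample rows and a stand-in for $_SESSION['uname']; the function name userPhotos is hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension;
// the table layout and sample rows below are constructed for illustration.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE photos (
    id INTEGER PRIMARY KEY, user TEXT, gallery TEXT, filename TEXT, upload_date TEXT)');

// INSERT with placeholders: the values travel separately from the SQL text.
$insert = $conn->prepare(
    'INSERT INTO photos (user, gallery, filename, upload_date)
     VALUES (:user, :gallery, :filename, :uploaded)');
foreach ([['shan', 'holiday', 'a1.jpg'], ['shan', 'holiday', 'a2.png'],
          ['other', 'pets', 'b1.gif']] as [$user, $gallery, $filename]) {
    $insert->execute([':user' => $user, ':gallery' => $gallery,
                      ':filename' => $filename, ':uploaded' => date('c')]);
}

// One query instead of two, no LIMIT 1, rows fetched inside the loop condition.
function userPhotos(PDO $conn, string $user): array
{
    $stmt = $conn->prepare(
        'SELECT filename, gallery FROM photos WHERE user = :user ORDER BY id');
    $stmt->execute([':user' => $user]);
    $rows = [];
    while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
        $rows[] = $row;
    }
    return $rows;
}

// Stand-ins for $_SESSION['uname'] so the script runs from the command line.
// The second value contains a quote; bound as a parameter it is compared as data.
foreach (['shan', "shan' OR '1'='1"] as $uname) {
    $photos = userPhotos($conn, $uname);
    echo count($photos), " photo(s) for [$uname]\n";
    foreach ($photos as $p) {
        // Double quotes so the variables interpolate; escape before emitting HTML.
        $src = htmlspecialchars("user/$uname/{$p['filename']}", ENT_QUOTES);
        $alt = htmlspecialchars($p['filename'], ENT_QUOTES);
        echo "<img src=\"$src\" alt=\"$alt\"><br><br>\n";
    }
}
```

Run with `php` on the command line; the name containing a quote matches no rows because the bound value never becomes part of the SQL text.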

shan Posted September 20, 2015 (edited)

Thanks for the reply guys, it's working now after your suggestion.