PHP gallery not giving output


shan
Solved by Ch0cu3r

Guys, I'm trying to output photos from the user's folder but it is not showing up. The system works like this: I try to insert the filename based on time & reference it within the user gallery folder and then try to output it. But it is not showing up, although it is inserting values in the table. Here is the code for photo_sys.php:

include '../includes/dbconfig.inc.php';
$photo= $_FILES['photo'];
print_r($photo);
if ($photo) {

    $name=basename($_FILES['photo']['name']);
    $t_loc=$_FILES['photo']['tmp_name'];
    $fileType = $_FILES["photo"]["type"];
    $fileSize = $_FILES["photo"]["size"];
    $fileErrorMsg = $_FILES["photo"]["error"];
    $kaboom = explode(".", $name);
    $fileExt = end($kaboom);
    $db_file_name = date("DMjGisY")."".rand(1000,9999).".".$fileExt;
    list($width, $height) = getimagesize($t_loc);
    if($width < 10 || $height < 10){
        header("location: ../message.php?msg=ERROR: That image has no dimensions");
        exit();
    }
    if($fileSize > 2000000) {
        header("location: ../message.php?msg=ERROR: Your image file was larger than 2mb");
        exit();
    } else if (!preg_match("/\.(gif|jpeg|jpg|png)$/i", $name) ) {
        header("location: ../message.php?msg=ERROR: Your image file was not jpg, gif or png type");
        exit();
    } else if ($fileErrorMsg == 1) {
        header("location: ../message.php?msg=ERROR: An unknown error occurred");
        exit();
    }
    $sql = "SELECT DISTINCT gallery FROM photos WHERE user='{$_SESSION['uname']}'";
    $stmth=$conn->prepare($sql);
    $stmth->execute();
    $fetch=$stmth->fetch(PDO::FETCH_ASSOC);
    $gallery=$fetch['gallery'];
    $dir1="../user/{$_SESSION['uname']}";
    $moveResult=move_uploaded_file($t_loc, $dir1.'/'.$name);
    if($moveResult){
        echo 'upload successful';
        include_once("img_resize.php");
        $wmax = 800;
        $hmax = 600;
        if($width > $wmax || $height > $hmax){
            $target_file = "../user/$log_username/$name";
            $resized_file = "../user/$log_username/$name";
            img_resize($target_file, $resized_file, $wmax, $hmax, $fileExt);

        }
        $sql="INSERT INTO photos(user, gallery, filename, upload_date) VALUES ('{$_SESSION['uname']}','$gallery','$db_file_name',now())";
        $stmth=$conn->prepare($sql);
        $stmth->execute();
        header("location: ../home.php?u={$_SESSION['uname']}");
        exit();
    }
    else {
        echo "file not uploaded";
    }

}

Here is the output code for the gallery in home.php:

<div id="tabs-4" class="tab-pane fade gal_photos">
<?php
if ($_SESSION['uname']!="") {
    echo '<form id="photoform" enctype="multipart/form-data" method="post" action="others/photo_sys.php">'
        . '<h3> Hi '.$_SESSION["uname"].' please add a photo:<br>'

        . '<input type="file" name="photo" accept="image/*" required>'
        . '<p><input type="submit" class="upload_button" name="up_img" value="Upload Photos"></p></form>';
    //select the user galleries
    $sql = "SELECT DISTINCT gallery FROM photos WHERE user='{$_SESSION['uname']}'";
    $stmth=$conn->prepare($sql);
    $stmth->execute();
    $fetch=$stmth->fetch(PDO::FETCH_ASSOC);
    $gallery=$fetch['gallery'];
    $id=$fetch['id'];
    $sql1="SELECT filename FROM photos WHERE user='{$_SESSION['uname']}' AND gallery='$gallery' And id='$id' ORDER BY RAND() LIMIT 1";
    $stmth1=$conn->prepare($sql1);
    $stmth1->execute();
    $fet=$stmth1->fetch(PDO::FETCH_ASSOC);
    $dir="user/{$_SESSION['uname']}";

    while ($row1 = $fet)
    {
        $file=$row1['filename'];
        echo '<img src="$dir/$file" alt="$file"><br><br>';

    }
}
else
{
    echo 'please login to upload photos';
}

?>
</div>

  • Solution

First, if you are going to use prepared queries ($pdo->prepare()), you should be binding the values to be used in the query to placeholders. If you are using variables directly in the query then that will not be protecting you from SQL injection.

Manual pages on prepared queries/binding values

http://php.net/manual/en/pdo.prepared-statements.php

http://php.net/manual/en/pdostatement.bindparam.php

http://php.net/manual/en/pdostatement.execute.php

 

2) In photo_sys.php you are using a variable called $log_username. This is not defined in the code you posted. Did you mean to use $_SESSION['uname']?

 

3) As hansford said, there is no need for the two queries. You should merge them into one as suggested. But is the query supposed to get all the user's uploaded photos? If so then remove LIMIT 1 from the query. You then need to change  while ($row1 = $fet)  to be  while ($row1 = $stmth1->fetch(PDO::FETCH_ASSOC))

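The points raised in the solution above (values bound to placeholders, one query for all of a user's photos, and fetch() called in the loop condition), put together as an added example that is not part of the original thread or either poster's code. It assumes an in-memory SQLite database with constructed rows in place of the poster's $conn, and the function names userPhotos and renderGallery are hypothetical.

```php
<?php
// Added example: constructed data in an in-memory SQLite database stands in
// for the poster's MySQL connection ($conn from dbconfig.inc.php).
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE photos (id INTEGER PRIMARY KEY, user TEXT,
             gallery TEXT, filename TEXT, upload_date TEXT)');

// Insert with bound placeholders instead of variables pasted into the SQL.
$ins = $conn->prepare('INSERT INTO photos (user, gallery, filename, upload_date)
                       VALUES (:user, :gallery, :filename, :uploaded)');
$rows = [ // constructed sample rows
    ['shan',    'holiday', 'a1.jpg', '2015-01-01 10:00:00'],
    ['shan',    'holiday', 'a2.png', '2015-01-02 11:00:00'],
    ["o'brien", 'pets',    'b1.gif', '2015-01-03 12:00:00'],
];
foreach ($rows as [$u, $g, $f, $d]) {
    $ins->execute([':user' => $u, ':gallery' => $g, ':filename' => $f, ':uploaded' => $d]);
}

/** Hypothetical helper: every filename for one user, from a single bound query. */
function userPhotos(PDO $conn, string $user): array
{
    $stmt = $conn->prepare('SELECT filename FROM photos WHERE user = :user ORDER BY upload_date');
    $stmt->execute([':user' => $user]);
    $files = [];
    // fetch() sits in the loop condition, so each pass reads the next row.
    while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
        $files[] = $row['filename'];
    }
    return $files;
}

/** Hypothetical helper: build the <img> tags, escaping values for HTML. */
function renderGallery(PDO $conn, string $user): string
{
    $dir = 'user/' . rawurlencode($user);
    $html = '';
    foreach (userPhotos($conn, $user) as $file) {
        $src = htmlspecialchars($dir . '/' . rawurlencode($file), ENT_QUOTES);
        $alt = htmlspecialchars($file, ENT_QUOTES);
        $html .= "<img src=\"$src\" alt=\"$alt\"><br><br>\n";
    }
    return $html;
}

echo renderGallery($conn, 'shan');           // user with several photos
echo renderGallery($conn, "o'brien");        // quote in the name is bound as data
var_dump(userPhotos($conn, "x' OR '1'='1")); // constructed input, compared as a literal name
```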