Thread: PHP pull images
05-08-2013, 01:10 AM #1
PHP pull images
Ok so this is what I want to do for my site. The user will start their post and email me the image. I will put the image on the server whenever I get the chance. This is more secure in my opinion and makes sure the image is clean. I want to store the image url in the database, and somehow pull the image from that url. That way I could get an external hard drive and use it instead of the main one. How would I go about doing that?
$sql = "SELECT
topics.topic_id = " . mysql_real_escape_string($_GET['id']);
$result = mysql_query($sql);
echo 'The topic could not be displayed, please try again later.';
if(mysql_num_rows($result) == 0)
echo 'This topic doesn′t exist.';
while($row = mysql_fetch_assoc($result))
//display post data
echo '<table class="topic" border="1">
<th colspan="2">' . $row['topic_subject'] . '</th>
//fetch the posts from the database
$posts_sql = "SELECT
posts.post_by = users.user_id
posts.post_topic = " . mysql_real_escape_string($_GET['id']);
$posts_result = mysql_query($posts_sql);
echo '<tr><td>The posts could not be displayed, please try again later.</tr></td></table>';
while($posts_row = mysql_fetch_assoc($posts_result))
echo '<tr class="topic-post">
<td class="user-post">' . $posts_row['user_name'] . '<br/>' . date('d-m-Y H:i', strtotime($posts_row['post_date'])) . '</td>
<td class="post-content">' . htmlentities(stripslashes($posts_row['post_content'])) . '</td>
echo '<tr><td colspan=2>You must be <a href="signin.php">signed in</a> to reply. You can also <a href="signup.php">sign up</a> for an account.';
//show reply box
echo '<tr><td colspan="2"><h2>Reply:</h2><br />
<form method="post" action="reply.php?id=' . $row['topic_id'] . '">
<textarea name="reply-content"></textarea><br /><br />
<input type="submit" value="Submit reply" />
//finish the table
05-08-2013, 05:35 AM #2
I don't understand; why are you getting them to email you an image and you move it for them? You can simply provide them with the form to perform the upload with; HTML only needs to provide an <input type="file" name="x"/> on it in order to allow an upload.
For security, you then validate the input data. Check the upload status error against UPLOAD_ERR_OK to verify that it's successful in upload. You then check the mimetype from the file. Finally, if you allow only images, you can read the binary file from the image, and simply provide that to the gd's imagecreatefromstring() function. If it returns a valid resource, the image is actually an image and not simply an executable masquerading as one. Alternatively, parse the file yourself and verify the image header compared to the declared type (also in the header). This route takes more practice and knowledge of the definition of the file or knowledge on how to interpret them. Wiki should have lots of information on that, or at least links to the originating site that controls the structure.
When verified, move the file above the public_html directory. This will prevent direct access to the file. Preferably in a directory with a umask excluding the execute, or direct chmod of even just read all is sufficient.
Finally, you load it by writing a new script. This script's job is to take an id, compare that to your database to get the save path of the image, read the image data in (simple fread or even file_get_contents would probably do the trick [I find fopen to fpassthru is easiest]), while serving the proper header for the file. So in the DB, you'll need to store at minimum an id for it, a filepath for it (or partial), and finally a mimetype for it.
You then access this script as if it were an image.
<img src="myimages.php?id=mydbid" alt="An image."/>, and it'll serve just as a standard image.
header('HTTP/1.1 420 Enhance Your Calm');
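The upload check and the serving script described in reply #2, as an added example that is not code from either poster. Assumptions: a PDO handle `$db`, a hypothetical table `images(id, path, mime)`, a hypothetical storage directory `IMAGE_DIR` above public_html, and the fileinfo and GD extensions.

```php
<?php
// Added example. Assumed names: IMAGE_DIR, table images(id, path, mime), PDO handle $db.
const IMAGE_DIR = '/home/site/private_images';   // assumption: outside public_html
const ALLOWED   = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

// Validate one entry of $_FILES (e.g. $_FILES['x']) and store it; returns the new id.
function store_upload(PDO $db, array $file): int
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    // Detect the type from the content, not from the client-supplied $file['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = ALLOWED[$mime] ?? null;
    if ($ext === null) {
        throw new RuntimeException('Type not allowed');
    }
    // GD must be able to decode the bytes, as the reply suggests.
    if (@imagecreatefromstring(file_get_contents($file['tmp_name'])) === false) {
        throw new RuntimeException('Not a decodable image');
    }
    // Server-chosen name: nothing from the user's filename reaches the disk.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], IMAGE_DIR . '/' . $name)) {
        throw new RuntimeException('Could not store file');
    }
    chmod(IMAGE_DIR . '/' . $name, 0640);        // readable, never executable
    $db->prepare('INSERT INTO images (path, mime) VALUES (?, ?)')->execute([$name, $mime]);
    return (int) $db->lastInsertId();
}

// myimages.php?id=N : look the id up and stream the file with its stored type.
function serve_image(PDO $db, $id): void
{
    $stmt = $db->prepare('SELECT path, mime FROM images WHERE id = ?');
    $stmt->execute([(int) $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // basename() keeps a tampered path column from escaping IMAGE_DIR.
    $fh  = $row ? @fopen(IMAGE_DIR . '/' . basename($row['path']), 'rb') : false;
    if ($fh === false) {
        http_response_code(404);
        return;
    }
    header('Content-Type: ' . $row['mime']);
    header('X-Content-Type-Options: nosniff');   // browser must not re-guess the type
    fpassthru($fh);
    fclose($fh);
}
```

The serving page would call `serve_image($db, $_GET['id'] ?? 0)` and emit nothing else, so the response body is only the image bytes.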