--- tresto <[EMAIL PROTECTED]> wrote:
> I want to display photos from a database using php and my sql...
> the problem seems to be that the value of Picnum hasn't been passed
> to the second script...
> I know in the first script the value of picnum is correct, because I
> added some echos that displayed the value..and I selected view
> source and saw that in the code of the first script the value of
> picnum was substituted by the id.
> But the second script didn't select the pictures...
> I got the picture frames empty witout the picture...(empty boxes)
> if in the second script I use the $PicNum=1 instruction then I'm
> able to display the first image when I entered the first script in
> the browser...for these reason I know the first script executed the
> second script.
> do someone know what I'm doing wrong? and why I'm loosing the PicNum
> value?
>
>
> thanks!...
> php code of first script:
>
> albumsep23.php
> <?
> $usuario='xxxx';
> $password='xxxx';
> $my_server="localhost";
> $record_ctr=0;
> $dbname="album";
> #entablar conexión: parametros: servidor, usuario,password
> #
> $conxid1=mysql_connect($my_server,$usuario,$password);
> #cruds start:
> mysql_select_db($dbname) or die ("unable to select db");
> $result=mysql_query("SELECT * FROM fotos") or die("can't perform
> query");
> echo"<ul>";
> while ($row=mysql_fetch_object($result))
> {
> echo "<IMG SRC=\"Second0923.php3?PicNum=$row->photo_id\">";
> $record_ctr = $record_ctr + 1;
> }
> #echo "</ul>";
> echo "total fotos en album.$record_ctr";
> ?>
>
> -----------------------------------------------------
> php code of the second script:
> Second0923.php3
> <?
> $usuario='XXXX';
> $password='XXXX';
> $my_server="localhost";
> $dbname="album";
> #$PicNum=1;
> mysql_connect($my_server,$usuario,$password) or die ("unable to
> connect to sql");
> @mysql_select_db($dbname) or die("unable to select db");
> result=mysql_query("SELECT * from fotos where photo_id=$PicNum") or
> die("error");
> $row=mysql_fetch_object($result);
> Header("Content-type:image/jpeg");
> echo $row->photo;
> ?>
It appears that the second script is written with the risky and outdated
addumption that register_globals is on. When it is on, GET variables are
automatically created and available in the program. However, since this is a
security risk, PHP has had it off by default for many years now.
Since you are only using one GET variable in the second script the solution
should be to use a line like this near the top of the program:
$PicNum = $_GET['PicNum'];
It is generally a bad idea to store binary image data in a database like MySQL.
The usual recommendation is to store files in the file system and data in the
database. In this case, store the name and possibly the path to the image in
the table and use a standard image tag to display it. However, if your second
script was also checking to see if a user was logged in, you could provide some
additional protection for the display of the images.
In your first script you have:
echo "<IMG SRC=\"Second0923.php3?PicNum=$row->photo_id\">";
Using a complex variable name (array, object reference, etc) in a double quoted
string can cause some problems when the string is evaluated. Sometimes PHP can
become confused about where the variable reference begins and ends. You can
resolve this in one of several ways depending on what is clearest for you to
read and remember:
echo "<IMG SRC=\"Second0923.php3?PicNum=${row->photo_id}\">";
printf("<IMG SRC=\"Second0923.php3?PicNum=%s\">", $row->photo_id);
I notice that your example mentions php3 and has tags in caps. This is an
indication that you are either running on a really old (circa 2000) server or
you are referring to a website or book with really old examples.
James
