RE: [PHP-DB] Re: session variable in select query showing picture from database

2009-02-12 Thread Fortuno, Adam
Mika,

Put the dollar sign (i.e., $) outside the curly brace.

$query="SELECT * FROM pic_upload WHERE band_id='${band_id}'";

A-

-Original Message-
From: Mika Jaaksi [mailto:mika.jaa...@gmail.com] 
Sent: Thursday, February 12, 2009 12:27 PM
To: php-db@lists.php.net
Subject: [PHP-DB] Re: session variable in select query showing picture
from database

Still fighting with it...

So, these work:

$query="SELECT * FROM pic_upload";
$query="SELECT * FROM pic_upload WHERE band_id=11";
picture is shown on the other page

but when adding variable into query it doesn't show the picture on the
other page
$query="SELECT * FROM pic_upload WHERE band_id='{$band_id}'";

I'm out of ideas at the moment...

ps. forget what I said about the weird markings...


2009/2/12 Mika Jaaksi mika.jaa...@gmail.com

 I'm trying to show picture from database. Everything works until I add
 variable into where part of the query.

 It works with plain number. example ...WHERE id=11... ...picture is
 shown on the page.

 Here's the code that retrieves the picture. show_pic.php

 <?php
 function db_connect($host='', $user='',
 $password='', $db='')
 {
 mysql_connect($host, $user, $password) or die('I cannot connect to db: ' .
 mysql_error());
 mysql_select_db($db);
 }
 db_connect();
 $band_id = $_SESSION['session_var'];
 $query="SELECT * FROM pic_upload WHERE band_id=$band_id";
 $result=mysql_query($query);
 while($row = mysql_fetch_array($result))
 {
 $bytes = $row['pic_content'];
 }
 header("Content-type: image/jpeg");
 print $bytes;


 exit ();
 mysql_close();
 ?>


 other page that shows the picture

 <?php
 echo "<img width='400px' src='./show_pic.php' />";
 ?>

 Any help would be appreciated...

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP-DB] Re: session variable in select query showing picture from database

2009-02-12 Thread danaketh
Don't see session_start() in your script. If you work with SESSION, you 
must have it on the first lines of the file (before any output and work 
with $_SESSION so it's good to put it on the first lines).


And it must be in every file which works with them (except for included 
files). It should look like this:


<?php

session_start(); // open session

function db_connect($host='', $user='',
$password='', $db='')
{
mysql_connect($host, $user, $password) or die('I cannot connect to db: ' .
mysql_error());
mysql_select_db($db);
}
db_connect();
$band_id = $_SESSION['session_var'];
$query="SELECT * FROM pic_upload WHERE band_id=$band_id";
$result=mysql_query($query);
while($row = mysql_fetch_array($result))
{
$bytes = $row['pic_content'];
}
header("Content-type: image/jpeg");
print $bytes;


exit ();
mysql_close();
?>



Mika Jaaksi wrote:

Still fighting with it...

So, these work:

$query="SELECT * FROM pic_upload";
$query="SELECT * FROM pic_upload WHERE band_id=11";
picture is shown on the other page

but when adding variable into query it doesn't show the picture on the other
page
$query="SELECT * FROM pic_upload WHERE band_id='{$band_id}'";

I'm out of ideas at the moment...

ps. forget what I said about the weird markings...


2009/2/12 Mika Jaaksi mika.jaa...@gmail.com

  

I'm trying to show picture from database. Everything works until I add
variable into where part of the query.

It works with plain number. example ...WHERE id=11... ...picture is shown
on the page.

Here's the code that retrieves the picture. show_pic.php

<?php
function db_connect($host='', $user='',
$password='', $db='')
{
mysql_connect($host, $user, $password) or die('I cannot connect to db: ' .
mysql_error());
mysql_select_db($db);
}
db_connect();
$band_id = $_SESSION['session_var'];
$query="SELECT * FROM pic_upload WHERE band_id=$band_id";
$result=mysql_query($query);
while($row = mysql_fetch_array($result))
{
$bytes = $row['pic_content'];
}
header("Content-type: image/jpeg");
print $bytes;


exit ();
mysql_close();
?>


other page that shows the picture

<?php
echo "<img width='400px' src='./show_pic.php' />";
?>

Any help would be appreciated...



  


--

Best regards

Daniel Tlach
Freelance webdeveloper

Email: m...@danaketh.com
ICQ: 160914875
MSN: danak...@hotmail.com
Jabber: danak...@jabbim.cz



Re: [PHP-DB] Re: session variable in select query showing picture from database

2009-02-12 Thread chris smith
On Fri, Feb 13, 2009 at 6:01 PM, Mika Jaaksi mika.jaa...@gmail.com wrote:
 With these:

 $band_id = $_SESSION['session_var'];
 echo "band_id: " . $band_id;

 $query="SELECT * FROM pic_upload WHERE band_id=$band_id";
 echo "query: " . $query;

 I get these:

 band_id: 11
 query: SELECT * FROM pic_upload WHERE band_id=11

 SQL injections: Are these what I should use?

 $db = new mysqli("localhost", "user", "pass", "database");
 $stmt = $db->prepare("SELECT priv FROM testUsers WHERE username=? AND password=?");
 $stmt->bind_param("ss", $user, $pass);
 $stmt->execute();

Yes.

 $title = $_POST['title']; // user input from site

 $dirtystuff = array(\, \\, /, *, ', =, -, #, ;, , ,
 +, %); // define the cleaner

 // clean user input (if it finds any of the values above, it will replace it
 with whatever is in the quotes - in this example, it replaces the value with
 nothing)

No. There's so many ways to get around that (use htmlentity values for example).

If you're not using bind params use mysql_real_escape_string().

-- 
Postgresql  php tutorials
http://www.designmagick.com/
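
Added example, not part of the original thread: a show_pic.php that applies both fixes discussed above, calling session_start() before reading $_SESSION and binding band_id as a parameter instead of interpolating it into the query string. The connection values are placeholders, the table and column names are the ones from the thread, and one picture per band is assumed.

```php
<?php
// Added example (not from the thread). Host, user, password and database
// name below are placeholders; pic_upload/band_id/pic_content come from the thread.
session_start();                        // must run before $_SESSION is read

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Accept only a positive integer; anything else never reaches the database.
$band_id = filter_var(
    $_SESSION['session_var'] ?? null,
    FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]
);
if ($band_id === false) {
    http_response_code(400);
    exit('No band selected');
}

try {
    $db = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
    // The ? placeholder keeps the value out of the SQL text entirely.
    // Assumption: one picture per band, hence LIMIT 1.
    $stmt = $db->prepare(
        'SELECT pic_content FROM pic_upload WHERE band_id = ? LIMIT 1'
    );
    $stmt->bind_param('i', $band_id);   // 'i' = bind as integer
    $stmt->execute();
    $stmt->bind_result($bytes);
    $found = $stmt->fetch();            // true on a row, null when none matched
    $stmt->close();
    $db->close();                       // close before output, not after exit
} catch (mysqli_sql_exception $e) {
    error_log('show_pic.php: ' . $e->getMessage()); // log, do not show to client
    http_response_code(500);
    exit;
}

if (!$found) {
    http_response_code(404);            // no picture stored for this band
    exit;
}

header('Content-Type: image/jpeg');
header('X-Content-Type-Options: nosniff'); // browser must not re-guess the type
echo $bytes;
```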
