[PHP-DB] session variable in select query showing picture from database
I'm trying to show picture from database. Everything works until I add
variable into where part of the query.
It works with plain number. example ...WHERE id=11... ...picture is shown on
the page.
Here's the code that retrieves the picture. show_pic.php
?php
function db_connect($host='', $user='',
$password='', $db='')
{
mysql_connect($host, $user, $password) or die('I cannot connect to db: ' .
mysql_error());
mysql_select_db($db);
}
db_connect();
$band_id = $_SESSION['session_var'];
$query=SELECT * FROM pic_upload WHERE band_id=$band_id;
$result=mysql_query($query);
while($row = mysql_fetch_array($result))
{
$bytes = $row['pic_content'];
}
header(Content-type: image/jpeg);
print $bytes;
exit ();
mysql_close();
?
other page that shows the picture
?php
echo img width='400px' src='./show_pic.php' /;
?
Any help would be appreciated...
[PHP-DB] Re: session variable in select query showing picture from database
Thanks for the quick responce...
to Valentin Nedkov:
I have session_start() on another page. Session start gets band_id as a
value when user logs in.
I've tried to echo session variable on show_pic page and it works.
And I belive that I can't set default value for band_id because the picture
I want get is depended on who has logged in.
to Jason Pruim:
when I look at what show_pic shows, it's whole lot of this:
ÿØÿà�JFIF��N�N��ÿÀ��âŠ�ÿÛ�„�.
When I used plain number or WHERE band_id='{$band_id}' those weird
markings(above) were identical. (They were different when not using these '{
}' )
And the code works with plain number so we must be closer to the truth now..
to David Robley:
band_id is set to session variable when user logs in...
-Mika Jaaksi
2009/2/12 Mika Jaaksi mika.jaa...@gmail.com
I'm trying to show picture from database. Everything works until I add
variable into where part of the query.
It works with plain number. example ...WHERE id=11... ...picture is shown
on the page.
Here's the code that retrieves the picture. show_pic.php
?php
function db_connect($host='', $user='',
$password='', $db='')
{
mysql_connect($host, $user, $password) or die('I cannot connect to db: ' .
mysql_error());
mysql_select_db($db);
}
db_connect();
$band_id = $_SESSION['session_var'];
$query=SELECT * FROM pic_upload WHERE band_id=$band_id;
$result=mysql_query($query);
while($row = mysql_fetch_array($result))
{
$bytes = $row['pic_content'];
}
header(Content-type: image/jpeg);
print $bytes;
exit ();
mysql_close();
?
other page that shows the picture
?php
echo img width='400px' src='./show_pic.php' /;
?
Any help would be appreciated...
[PHP-DB] Re: session variable in select query showing picture from database
Still fighting with it...
So, these work:
$query=SELECT * FROM pic_upload;
$query=SELECT * FROM pic_upload WHERE band_id=11;
picture is shown on the other page
but when adding variable into query it doesn't show the picture on the other
page
$query=SELECT * FROM pic_upload WHERE band_id='{$band_id}';
I'm out of ideas at the moment...
ps. forget what I said about the weird markings...
2009/2/12 Mika Jaaksi mika.jaa...@gmail.com
I'm trying to show picture from database. Everything works until I add
variable into where part of the query.
It works with plain number. example ...WHERE id=11... ...picture is shown
on the page.
Here's the code that retrieves the picture. show_pic.php
?php
function db_connect($host='', $user='',
$password='', $db='')
{
mysql_connect($host, $user, $password) or die('I cannot connect to db: ' .
mysql_error());
mysql_select_db($db);
}
db_connect();
$band_id = $_SESSION['session_var'];
$query=SELECT * FROM pic_upload WHERE band_id=$band_id;
$result=mysql_query($query);
while($row = mysql_fetch_array($result))
{
$bytes = $row['pic_content'];
}
header(Content-type: image/jpeg);
print $bytes;
exit ();
mysql_close();
?
other page that shows the picture
?php
echo img width='400px' src='./show_pic.php' /;
?
Any help would be appreciated...
[PHP-DB] Re: session variable in select query showing picture from database
I tried
$query = SELECT * FROM pic_upload WHERE band_id =
'.$_SESSION['session_var'].' ;
didn't work.
And I've tried to echo session variable and it has right data in it.
I've also tried
band_id=$band_id
band_id='$band_id'
band_id=$band_id
band_id='{$band_id}'
band_id={$band_id}
Session variable is 11 in this case and the picture is shown when I use
...WHERE band_id=11... but not when I use variable.
What could be the difference between plain number (11) and variable (I've
echoed it so I know it's 11 too)?
[PHP-DB] Re: session variable in select query showing picture from database
Okay, I added it and got this SELECT * FROM pic_upload WHERE band_id=11 Seems to me that it's the way i should be. For some mystical reason it still doesn't work...
[PHP-DB] Re: session variable in select query showing picture from database
Sorry, but this didn't work either
$query=SELECT * FROM pic_upload WHERE band_id='${band_id}';
Thanks to everybody who has tried to help...
[PHP-DB] Re: session variable in select query showing picture from database
$band_id = 11; $query=SELECT * FROM pic_upload WHERE band_id=$band_id; print_r($_SESSION); gives this: Array ( [session_var] = 11 ) and picture is shown on the page And about the session start: I have session start on the index2.php page when user has logged in. Page that should show the picture is in its own div on index2 page...
[PHP-DB] Re: session variable in select query showing picture from database
*Answer to Rick: in your code below it looks like you're simply hard-coding your $band_id value (as 11) -- so of course it's going to work. *Yes, I did that because one of you helpers asked me to try that. I'll try to be clearer on whom I'm answering to...
[PHP-DB] Re: session variable in select query showing picture from database
With these: $band_id = $_SESSION['session_var']; echo band_id: . $band_id; $query=SELECT * FROM pic_upload WHERE band_id=$band_id; echo query: . $query; I get these: band_id: 11 query: SELECT * FROM pic_upload WHERE band_id=11 SQL injections: Are these what I should use? $db = new mysqli(localhost, user, pass, database); $stmt = $db - prepare(SELECT priv FROM testUsers WHERE username=? AND password=?); $stmt - bind_param(ss, $user, $pass); $stmt - execute(); And $title = $_POST['title']; // user input from site $dirtystuff = array(\, \\, /, *, ', =, -, #, ;, , , +, %); // define the cleaner // clean user input (if it finds any of the values above, it will replace it with whatever is in the quotes - in this example, it replaces the value with nothing) $title = str_replace($dirtystuff, , $title); and should I add something like these everywhere where user can input data into database?
[PHP-DB] SOLVED data from db to a page and then to another page
Thanks to all who answered and helped.
[PHP-DB] data from db to a page and then to another page
I already can get the data from database to a page. Now I want to make link from that data to next page and on that new page it should show all the data that is related. example: data from database -- page1 where listed: band1 (a href) band2 (a href) band3 (a href) ... and when clicking for example band3 -- page2 where listed band info: bandname bandhistory bandmembers ... So, how should I do this? Should I somehow use $_POST method to send/deliver band_id to the next page?
[PHP-DB] Re: data from db to a page and then to another page
Thanks for the aswers, but there is still some problems.
I tested this code(below) and it works but when I add it to the rest of my
code it stops working.
Here's the working code:
page1:
?php
$bandname = Someband;
?
form name=goto_info action=band_info.php method=post
input type=hidden name=bandname value=?php echo $bandname; ?
a href=band_info.php?bandname=$bandname onclick=goto_info.submit();
return false;?php echo $bandname; ?/a
/form
and page2:
Bandname is ?php echo $_POST[bandname]; ?!
_
Now, here's the one I've been fighting with:
?
include(XXX.inc.php);
mysql_connect($host,$username,$password);
@mysql_select_db($database) or die( Unable to select database);
$query=SELECT * FROM band;
$result=mysql_query($query);
$num=mysql_numrows($result);
mysql_close();
echo bcenterBands/center/bbrbr;
?
table border=0 cellspacing=2 cellpadding=2
tr
thfont face=Arial, Helvetica, sans-serifbandname/font/th
/tr
?
$i=0;
while ($i $num) {
$bandname=mysql_result($result,$i,bandname);
?
tr
form name=goto_info action=band_info.php method=post
input type=hidden name=bandname value=?php echo $bandname; ?
a href=band_info.php?bandname=$bandname onclick=goto_info.submit();
return false;?php echo $bandname; ?/a
/form
/tr
?
++$i;
}
echo /table;
?
For some reason this doesn't post bandname to band_info page...
