[PHP-DB] session variable in select query showing picture from database
I'm trying to show picture from database. Everything works until I add variable into where part of the query. It works with plain number. example ...WHERE id=11... ...picture is shown on the page. Here's the code that retrieves the picture. show_pic.php ?php function db_connect($host='', $user='', $password='', $db='') { mysql_connect($host, $user, $password) or die('I cannot connect to db: ' . mysql_error()); mysql_select_db($db); } db_connect(); $band_id = $_SESSION['session_var']; $query=SELECT * FROM pic_upload WHERE band_id=$band_id; $result=mysql_query($query); while($row = mysql_fetch_array($result)) { $bytes = $row['pic_content']; } header(Content-type: image/jpeg); print $bytes; exit (); mysql_close(); ? other page that shows the picture ?php echo img width='400px' src='./show_pic.php' /; ? Any help would be appreciated...
[PHP-DB] Re: session variable in select query showing picture from database
Thanks for the quick responce... to Valentin Nedkov: I have session_start() on another page. Session start gets band_id as a value when user logs in. I've tried to echo session variable on show_pic page and it works. And I belive that I can't set default value for band_id because the picture I want get is depended on who has logged in. to Jason Pruim: when I look at what show_pic shows, it's whole lot of this: ÿØÿà�JFIF��N�N��ÿÀ��âŠ�ÿÛ�„�. When I used plain number or WHERE band_id='{$band_id}' those weird markings(above) were identical. (They were different when not using these '{ }' ) And the code works with plain number so we must be closer to the truth now.. to David Robley: band_id is set to session variable when user logs in... -Mika Jaaksi 2009/2/12 Mika Jaaksi mika.jaa...@gmail.com I'm trying to show picture from database. Everything works until I add variable into where part of the query. It works with plain number. example ...WHERE id=11... ...picture is shown on the page. Here's the code that retrieves the picture. show_pic.php ?php function db_connect($host='', $user='', $password='', $db='') { mysql_connect($host, $user, $password) or die('I cannot connect to db: ' . mysql_error()); mysql_select_db($db); } db_connect(); $band_id = $_SESSION['session_var']; $query=SELECT * FROM pic_upload WHERE band_id=$band_id; $result=mysql_query($query); while($row = mysql_fetch_array($result)) { $bytes = $row['pic_content']; } header(Content-type: image/jpeg); print $bytes; exit (); mysql_close(); ? other page that shows the picture ?php echo img width='400px' src='./show_pic.php' /; ? Any help would be appreciated...
[PHP-DB] Re: session variable in select query showing picture from database
Still fighting with it... So, these work: $query=SELECT * FROM pic_upload; $query=SELECT * FROM pic_upload WHERE band_id=11; picture is shown on the other page but when adding variable into query it doesn't show the picture on the other page $query=SELECT * FROM pic_upload WHERE band_id='{$band_id}'; I'm out of ideas at the moment... ps. forget what I said about the weird markings... 2009/2/12 Mika Jaaksi mika.jaa...@gmail.com I'm trying to show picture from database. Everything works until I add variable into where part of the query. It works with plain number. example ...WHERE id=11... ...picture is shown on the page. Here's the code that retrieves the picture. show_pic.php ?php function db_connect($host='', $user='', $password='', $db='') { mysql_connect($host, $user, $password) or die('I cannot connect to db: ' . mysql_error()); mysql_select_db($db); } db_connect(); $band_id = $_SESSION['session_var']; $query=SELECT * FROM pic_upload WHERE band_id=$band_id; $result=mysql_query($query); while($row = mysql_fetch_array($result)) { $bytes = $row['pic_content']; } header(Content-type: image/jpeg); print $bytes; exit (); mysql_close(); ? other page that shows the picture ?php echo img width='400px' src='./show_pic.php' /; ? Any help would be appreciated...
[PHP-DB] Re: session variable in select query showing picture from database
I tried $query = SELECT * FROM pic_upload WHERE band_id = '.$_SESSION['session_var'].' ; didn't work. And I've tried to echo session variable and it has right data in it. I've also tried band_id=$band_id band_id='$band_id' band_id=$band_id band_id='{$band_id}' band_id={$band_id} Session variable is 11 in this case and the picture is shown when I use ...WHERE band_id=11... but not when I use variable. What could be the difference between plain number (11) and variable (I've echoed it so I know it's 11 too)?
[PHP-DB] Re: session variable in select query showing picture from database
Okay, I added it and got this SELECT * FROM pic_upload WHERE band_id=11 Seems to me that it's the way i should be. For some mystical reason it still doesn't work...
[PHP-DB] Re: session variable in select query showing picture from database
Sorry, but this didn't work either $query=SELECT * FROM pic_upload WHERE band_id='${band_id}'; Thanks to everybody who has tried to help...
[PHP-DB] Re: session variable in select query showing picture from database
$band_id = 11; $query=SELECT * FROM pic_upload WHERE band_id=$band_id; print_r($_SESSION); gives this: Array ( [session_var] = 11 ) and picture is shown on the page And about the session start: I have session start on the index2.php page when user has logged in. Page that should show the picture is in its own div on index2 page...
[PHP-DB] Re: session variable in select query showing picture from database
*Answer to Rick: in your code below it looks like you're simply hard-coding your $band_id value (as 11) -- so of course it's going to work. *Yes, I did that because one of you helpers asked me to try that. I'll try to be clearer on whom I'm answering to...
[PHP-DB] Re: session variable in select query showing picture from database
With these: $band_id = $_SESSION['session_var']; echo band_id: . $band_id; $query=SELECT * FROM pic_upload WHERE band_id=$band_id; echo query: . $query; I get these: band_id: 11 query: SELECT * FROM pic_upload WHERE band_id=11 SQL injections: Are these what I should use? $db = new mysqli(localhost, user, pass, database); $stmt = $db - prepare(SELECT priv FROM testUsers WHERE username=? AND password=?); $stmt - bind_param(ss, $user, $pass); $stmt - execute(); And $title = $_POST['title']; // user input from site $dirtystuff = array(\, \\, /, *, ', =, -, #, ;, , , +, %); // define the cleaner // clean user input (if it finds any of the values above, it will replace it with whatever is in the quotes - in this example, it replaces the value with nothing) $title = str_replace($dirtystuff, , $title); and should I add something like these everywhere where user can input data into database?
[PHP-DB] SOLVED data from db to a page and then to another page
Thanks to all who answered and helped.
[PHP-DB] data from db to a page and then to another page
I already can get the data from database to a page. Now I want to make link from that data to next page and on that new page it should show all the data that is related. example: data from database -- page1 where listed: band1 (a href) band2 (a href) band3 (a href) ... and when clicking for example band3 -- page2 where listed band info: bandname bandhistory bandmembers ... So, how should I do this? Should I somehow use $_POST method to send/deliver band_id to the next page?
[PHP-DB] Re: data from db to a page and then to another page
Thanks for the aswers, but there is still some problems. I tested this code(below) and it works but when I add it to the rest of my code it stops working. Here's the working code: page1: ?php $bandname = Someband; ? form name=goto_info action=band_info.php method=post input type=hidden name=bandname value=?php echo $bandname; ? a href=band_info.php?bandname=$bandname onclick=goto_info.submit(); return false;?php echo $bandname; ?/a /form and page2: Bandname is ?php echo $_POST[bandname]; ?! _ Now, here's the one I've been fighting with: ? include(XXX.inc.php); mysql_connect($host,$username,$password); @mysql_select_db($database) or die( Unable to select database); $query=SELECT * FROM band; $result=mysql_query($query); $num=mysql_numrows($result); mysql_close(); echo bcenterBands/center/bbrbr; ? table border=0 cellspacing=2 cellpadding=2 tr thfont face=Arial, Helvetica, sans-serifbandname/font/th /tr ? $i=0; while ($i $num) { $bandname=mysql_result($result,$i,bandname); ? tr form name=goto_info action=band_info.php method=post input type=hidden name=bandname value=?php echo $bandname; ? a href=band_info.php?bandname=$bandname onclick=goto_info.submit(); return false;?php echo $bandname; ?/a /form /tr ? ++$i; } echo /table; ? For some reason this doesn't post bandname to band_info page...