Hi, I've recently come to a stumbling block in my project in which displaying images has now become a problem.
My problem is when accessing a user's page I want to display info about the said user and then have a profile picture.

The web page for users is below, with all unnecessary code removed to shorten it:

<?php

require_once('auth.php');
require_once('config.php');
require_once('opendb.php');
session_start();

// Trims the input and undoes magic_quotes_gpc escaping.
function clean($str) {
    $str = @trim($str);
    if (get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    return $str;
}

$user = $_SESSION['SESS_USERNAME'];
if (!$user) {
    echo "<br><p>Blah blah you arent logged in </p><br>";
} else {
    // We need to grab the login name variable from the URL.
    $user_id = clean($_REQUEST['user_id']);
    $view_profile = mysql_query("SELECT * FROM members WHERE login = '$user_id'");

    $user = mysql_fetch_array($view_profile);
    $member_id = $user['member_id'];
    $login = $user['login'];
    $dob = $user['dob'];
    $query = mysql_query("SELECT * FROM tbl_images WHERE id='$member_id'");
    $row = mysql_fetch_array($query);
    $content = $row['image'];
    print ("member_id is : $member_id <BR>");
    print ("UserName for login is : $login<BR>");
    print ("Date of birth is : $dob<br>");
    // The raw image bytes are echoed into the HTML page here.
    echo $content;
}
?>

Now when I run this page I receive a page of the user details but the RAW data for the image.
I heard adding header('Content-type: image/jpg'); would solve the problem but adding that just opens a page with the broken image icon.

At first I thought perhaps my image wasn't uploaded correctly so I added this page to test it:

<?php

require_once('config.php');
require_once('opendb.php');

$storedid = "11";
$id = (int)$storedid;

if (!isset($id) || empty($id)) {
    die("Please select your image!");
} else {
    $query = mysql_query("SELECT * FROM tbl_images WHERE id='$id'");
    $row = mysql_fetch_array($query);
    $content = $row['image'];

    header('Content-type: image/jpg');
    echo $content;
}

?>

And the image displays correctly.
Not sure what I'm doing wrong but if you can give me any advice it'd be much appreciated.
Thanks,
Pages.

    Your problem is that you're trying to mix two different types of data into one page. You can't output the binary data of an image into the middle of an HTML document and expect it to work. Instead, use an <img> tag and point it to a script that does nothing but output the image data (along with the appropriate Content-Type header).

      Ahh I see, so creating something like

      <img src="show.php?member_id=<?php echo $member_id; ?>">

      and then creating

      <?php
      require_once('auth.php');
      require_once('config.php');
      require_once('opendb.php');
      session_start();
      header('Content-type: image/jpg');

      // Trims the input and undoes magic_quotes_gpc escaping.
      function clean($str) {
          $str = @trim($str);
          if (get_magic_quotes_gpc()) {
              $str = stripslashes($str);
          }
          return $str;
      }

      $id = clean($_REQUEST['member_id']);
      $query = mysql_query("SELECT * FROM tbl_images WHERE id='$id'");
      $row = mysql_fetch_array($query);
      echo $row['image'];

      It's kinda rushed but I just came up with it as I was typing 🙂
      But am I going in the right direction or did I turn off at a tangent somewhere 🙂

        Couple suggestions.... first, user-supplied data should never be placed directly into a SQL query string. Instead, it must first be sanitized with a function such as mysql_real_escape_string(). In your case, however, if the id column contains integers, you should cast the data to an (int) or use a function such as intval() in order to sanitize the data. Also note that numerical data in SQL queries shouldn't be surrounded with quotes (just like in PHP).

        Additionally, you should avoid using 'SELECT *' queries in all of your scripts. Instead, only SELECT the columns that you actually need data from (such as the image column in this case).

          Thanks for the advice, I'll mark this as resolved since I think you've helped a good bit.

          And yeah sorry, really need to start learning about all these injection prevention methods, I thought the clean function would stop most but I'll add the method you suggested as well.

            pages;10947777 wrote:

            I thought the clean function would stop most but I'll add the method you suggested as well.

            Your "clean" function actually doesn't stop any attack. What's worse, it actually helps allow attacks by removing slashes added by the magic_quotes_gpc directive without adding any other sanitizing protection (e.g. mysql_real_escape_string()).

            Again, however, specific methods of sanitizing data depend on the data type; what I would do to sanitize a string isn't the same as what I would do to sanitize a numeric input.
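
What the two answers above recommend, as an added example that is not part of the thread: integer input is validated as an integer, string input is passed as a bound parameter, and only the needed columns are selected. It assumes PDO with an in-memory SQLite database and constructed rows in place of the thread's MySQL tables and mysql_* calls (that extension was removed in PHP 7); parse_id, fetch_image and fetch_member are hypothetical names.

```php
<?php
// Added example, not code from the thread. PDO with in-memory SQLite stands in
// for the thread's MySQL database; all rows below are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (member_id INTEGER PRIMARY KEY, login TEXT, dob TEXT)');
$db->exec('CREATE TABLE tbl_images (id INTEGER PRIMARY KEY, image BLOB)');
$db->exec("INSERT INTO members VALUES (11, 'pages', '1990-01-01')");
$db->exec("INSERT INTO tbl_images VALUES (11, x'FFD8FFE0')"); // constructed JPEG header bytes

// Numeric input: accept only a well-formed positive integer, otherwise null.
function parse_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Select only the column needed; the id is bound as an integer, never concatenated.
function fetch_image(PDO $db, $rawId): ?string
{
    $id = parse_id($rawId);
    if ($id === null) {
        return null;
    }
    $stmt = $db->prepare('SELECT image FROM tbl_images WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $image = $stmt->fetchColumn();
    return $image === false ? null : $image;
}

// String input: there is no type to cast to, so it goes in as a bound parameter.
function fetch_member(PDO $db, string $login): ?array
{
    $stmt = $db->prepare('SELECT member_id, login, dob FROM members WHERE login = :login');
    $stmt->execute([':login' => $login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs standing in for $_GET['member_id'] and $_GET['user_id'].
foreach (['11', '11 OR 1=1', "' OR ''='"] as $raw) {
    $img = fetch_image($db, $raw);
    printf("%-12s => %s\n", $raw, $img === null ? 'rejected / not found' : strlen($img) . ' image bytes');
}
var_dump(fetch_member($db, 'pages') !== null);        // existing login
var_dump(fetch_member($db, "x' OR '1'='1") !== null); // the quote is treated as data
```

In a show.php like the one sketched earlier in the thread, the Content-Type header would be sent only after fetch_image() returns bytes, with a 404 response otherwise.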

              haha oh god I didn't realise it was so bad m
              Once again I owe you 🙂

              Cheers
