dragon_girl Posted September 12, 2013 Share Posted September 12, 2013 I was trying to break my ecommerce program to see how everything worked. One of the things I did was delete an image that was in the uploads folder. When I went to view_print.php for that specific image I did get the message "No image available." that was echoed from view_print.php. Why, instead, did it not use the default unavailable.png image that was set up in show_image.php? Link to comment Share on other sites More sharing options...
HartleySan Posted September 13, 2013 Share Posted September 13, 2013 Could you maybe show the relevant code? Link to comment Share on other sites More sharing options...
dragon_girl Posted September 13, 2013 Author Share Posted September 13, 2013 view_print.php: <?php # Script 19.7 - view_print.php // This page displays the details for a particular print. // $row is used to track whether or not a problem occurred on this page // if ok, this var will store the print info from the db // if not ok, this var will still be FALSE and the page should create an error $row = FALSE; // make sure there's a print id and that the print id is an int greater than or equal to 1 // pid comes from browse_prints.php if (isset($_GET['pid']) && filter_var($_GET['pid'], FILTER_VALIDATE_INT, array('min_range' => 1))) { $pid = $_GET['pid']; // get the print info require('includes/mysqli_connect.php'); $q = "SELECT CONCAT_WS(' ', first_name, middle_name, last_name) AS artist, print_name, price, description, size, image_name FROM artists, prints WHERE artists.artist_id=prints.artist_id AND prints.print_id=$pid"; $r = mysqli_query($dbc, $q); if (mysqli_num_rows($r) == 1) { // fetch the info $row = mysqli_fetch_array($r, MYSQLI_ASSOC); // start the html page $page_title = $row['print_name']; include('includes/header.html'); // display a header echo '<div align="center"><b>' . $row['print_name'] . '</b> by ' . $row['artist'] . '<br />'; // print the size or a default msg echo (is_null($row['size'])) ? '(No size available)' : $row['size']; echo "<br />\${$row['price']}<a href=\"add_cart.php?pid=$pid\">Add to Cart</a></div><br />"; // get the image info and display image; // because the images are stored outside the root dir, show_image.php is required // to provide the image to the browser; // getimagesize() returns an array with 7 elements; // $image[3] refers to a text string with the correct height="yy" width="xx" string // that can be used directly in an img tag; if ($image = @getimagesize("../uploads/$pid")) { echo "<div align=\"center\"><img src=\"show_image.php?image=$pid&name=" . urlencode($row['image_name']) . "\" $image[3] alt=\"{$row['print_name']}\" /></div>\n"; } else { echo '<div align="center">No image available.</div><br />'; } // add the description or a default message echo '<p align="center">' . ((is_null($row['description'])) ? '(No description available.)' : $row['description']) . '</p>'; } mysqli_close($dbc); } if (!$row) { $page_title = 'Error'; include('includes/header.html'); echo '<div align="center">This page has been accessed in error!</div>'; } include('includes/footer.html'); ?> show_image.php: <?php # Script 19.8 - show_image.php // This pages retrieves and shows an image. // Flag variables: $image = FALSE; $name = (!empty($_GET['name'])) ? $_GET['name'] : 'print image'; // Check for an image value in the URL: if (isset($_GET['image']) && filter_var($_GET['image'], FILTER_VALIDATE_INT, array('min_range' => 1)) ) { // Full image path: $image = '../uploads/' . $_GET['image']; // Check that the image exists and is a file: if (!file_exists ($image) || (!is_file($image))) { $image = FALSE; } } // End of $_GET['image'] IF. // If there was a problem, use the default image: if (!$image) { $image = 'images/unavailable.png'; $name = 'unavailable.png'; } // Get the image information: $info = getimagesize($image); $fs = filesize($image); // Send the content information: header ("Content-Type: {$info['mime']}\n"); header ("Content-Disposition: inline; filename=\"$name\"\n"); header ("Content-Length: $fs\n"); // Send the file: readfile ($image); Link to comment Share on other sites More sharing options...
HartleySan Posted September 13, 2013 Share Posted September 13, 2013 It's because of the following line: } else { echo '<div align="center">No image available.</div><br />'; } You need to replace the echoed div with an img element that displays the unavailable.png image. That make sense? Link to comment Share on other sites More sharing options...
dragon_girl Posted September 13, 2013 Author Share Posted September 13, 2013 Thank you, that does make sense. But at what point would show_print.php trigger the use of the default unavailable image? Link to comment Share on other sites More sharing options...
HartleySan Posted September 13, 2013 Share Posted September 13, 2013 view_print.php or show_image.php? Link to comment Share on other sites More sharing options...
dragon_girl Posted September 13, 2013 Author Share Posted September 13, 2013 in show_print.php.... // If there was a problem, use the default image: if (!$image) { $image = 'images/unavailable.png'; $name = 'unavailable.png'; } When would this conditional return as true (not an image) and therefore use the unavailable.png image? Link to comment Share on other sites More sharing options...
Larry Posted September 17, 2013 Share Posted September 17, 2013 That's a failsafe upon a failsafe. It would apply, for example, if some one tried to use the show_image.php script to load something else on the server (like a password file). Link to comment Share on other sites More sharing options...
Recommended Posts