0

hi i have already typed my code below. the database is saving the path of image but it is not displaying the image . where could i be wrong?

<div class="profile"> <?php if (isset($_FILES['profile']) === true) { if (empty($_FILES['profile']['name']) === true) { echo 'Please choose a file'; } else { $allowed = array('jpg', 'jpeg', 'gif', 'png'); $file_name = $_FILES['profile']['name']; $file_extn = strtolower(end(explode('.', $file_name))); $file_temp = $_FILES['profile']['tmp_name']; if (in_array($file_extn, $allowed) === true) { ///upload file. change_profile_image($session_user_id, $file_temp, $file_extn); } else { echo 'incorrect file type. Allowed formats: '; echo implode(', ', $allowed); } } } if (empty($user_data['profile']) === false) { echo '<img src"', $user_data['profile'], '" alt="', $user_data['first_name'], '\'s">'; } ?> <form action="" method="post" enctype="multipart/form-data"> <input type="file" name="profile"> <input type="submit"> </form> </div>

and the function change_profile_image I am calling is below:

function change_profile_image($user_id, $file_temp, $file_extn) { $file_path = 'images/profile/' . substr(md5(time()), 0, 10) . '.' . $file_extn; //echo $file_path; move_uploaded_file($file_temp, $file_path); mysql_query("UPDATE `users` SET `profile` = '" . mysql_real_escape_string($file_path) . "' WHERE `user_id` = " . (int) $user_id); }

the database is saving the image path but not displaying the image on the webpage.

Improve this question
14
  • 2
    echo '<img src"', $user_data['profile'], '" should be echo '<img src="', $user_data['profile'], '" for a start. Commented Apr 12, 2016 at 11:47
  • 2
    @Chris re-read what you commented Commented Apr 12, 2016 at 11:51
  • 1
    @LuthandoLoot Indeed, I didn't realize there were more mistakes just on that line. I'm too late to edit my comment now, but I guess it should say: echo '<img src"', $user_data['profile'], '" should be echo '<img src="'.$user_data['profile'].'" Commented Apr 12, 2016 at 11:54
  • 1
    remove === expression from isset and empty. Those functions always return boolean value. Yo can simply write if(isset($whatever)){}. This is a suggestion and not the answer. Commented Apr 12, 2016 at 11:57
  • 2
    @sagarkodte that is very wrong code :) @hardeep a part from Chris corretions, are you sure the path is correct? How and where are you creating $user_data variable? Commented Apr 12, 2016 at 11:59

2 Answers 2

Reset to default
3

Where you've written

echo '<img src"', $user_data['profile'], '"

change it to

echo '<img src="'.$user_data['profile'].'"

Note the added equals sign and that full-stops instead of commas are used for concatenation.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Chris; I don't find anything wrong with posting an answer from comments, when it comes from "your" own comment(s). It's the ones who feed off of other people's comment(s) for their own personal gain that isn't right. You've my vote here ;-) P.s.: I do it myself at times.
Good to know. Thanks @Fred-ii-.
1

First of all, I want to isolate some security issues...

When you're uploading a file, the file extension should never be checked. You should simply check the file MIME like so:

class FileSecure { public resource $Allowed; private object $Info; public function __construct($allow) { $this->Allowed = $allow; $this->Info = new finfo(); } public function Check($file) : bool { if(in_array($fileType = $this->Info->file($file, FILEINFO_MIME_TYPE, $this->Allowed))) { return true; } else { return false; } } } $fileCheck = array( 'Image' => new FileSecure(['image/bmp', 'image/gif', 'image/jpeg', 'image/png']), 'Text' => new FileSecure(['text/plain']), 'Compressed' => new FileSecure(['application/zip', 'application/x-rar-compressed']) ); // End of Class ($fileCheck['Image']->Check($_FILES['profile']['name']))? "" : die("Invalid image file..."); // make sure you delete the file if it is false

Now back to the Question...

Firstly, we cannot see what your file server so make sure that the file has saved where that path links too.

If it has, var_dump() your queries and ensure that it is the correct path with the correct extension and name.

Secondly, you have a lot of syntax issues which you could easily find yourself by enabling error reporting...

You can do this by: error_reporting(1);

Edit: Note, if you're storing the directory as the datetime (substr(md5(time()), 0, 10)) you will need to include this date into the database path so you know where it is.

Note: When using the isset() you don't need to match it to true or false, you can simple do:

// false if(!isset($...)) { } // true if(isset($...)) { }
Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.