3

我想显示存储在我的网络根文件夹之外的所有图像。请帮我。我只能重复显示一张图像。例如,如果我的文件夹中有 5 张图像,则只有一张图像在我的浏览器上显示 5 次。请帮助我。我已经在这个问题上工作了一个多月了。我是新手。帮助。谢谢你。这是我正在使用的代码。

图像.php

<?php   
  // Get our database connector
require("includes/copta.php");

// Grab the data from our people table
$sql = "select * from people";

$result = mysql_query($sql) or die ("Could not access DB: " . mysql_error());

$imgLocation = " /uploadfile/";

while ($row = mysql_fetch_array($result))
{
    $imgName = $row["filename"]; 
    $imgPath = $imgLocation . $imgName;

    echo "<img src=\"call_images.php?imgPath=" . $imgName . "\"  alt=\"\"><br/>";
    echo $row['id'] . " " . $imgName. "<br />";

}

?>

call_images.php

<?php
  // Get our database connector
require("includes/copta.php");

$imgLocation = '/ uploadz/';

$sql = "select * from people";

$result = mysql_query($sql) or 
    die ("Could not access DB: " . mysql_error());   

while ($row = mysql_fetch_array($result)) {

    $imgName = $row["filename"]; 
    $imgPath = $imgLocation . $imgName;


    // Make sure the file exists
    if(!file_exists($imgPath) || !is_file($imgPath)) {
        header('HTTP/1.0 404 Not Found');
        die('The file does not exist');
    }

    // Make sure the file is an image
    $imgData = getimagesize($imgPath);
    if(!$imgData) {
        header('HTTP/1.0 403 Forbidden');
        die('The file you requested is not an image.');
    }


    // Set the appropriate content-type
    // and provide the content-length.

    header("Pragma: public");
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");

    header("Content-Type: image/jpg");
    header("Content-length: " . filesize($imgPath));

    // Print the image data
    readfile($imgPath);
    exit();

}
?>
4

1 回答 1

3

问题是您没有解析传递给 call_images.php 的 QueryString 变量,而是运行相同的数据库查询,这将只返回数据库每次返回的第一个图像。这是一个(希望)更正的版本。

<?php
// Get our database connector
require("includes/copta.php");

$imgLocation = '/ uploadz/';

$fn = mysql_real_escape_string($_GET['imgPath']);

$sql = "select filename from people WHERE filename = '{$fn}'";

$result = mysql_query($sql) or 
    die ("Could not access DB: " . mysql_error());   

if (mysql_num_rows($result) == 0) {
    header('HTTP/1.0 404 Not Found');
    die('The file does not exist');
}
$imgName = mysql_result($result, 0, 0); 
$imgPath = $imgLocation . $imgName;

// Make sure the file exists
if(!file_exists($imgPath) || !is_file($imgPath)) {
    header('HTTP/1.0 404 Not Found');
    die('The file does not exist');
}

// Make sure the file is an image
$imgData = getimagesize($imgPath);
if(!$imgData) {
    header('HTTP/1.0 403 Forbidden');
    die('The file you requested is not an image.');
}


// Set the appropriate content-type
// and provide the content-length.

header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");

header("Content-Type: image/jpg");
header("Content-length: " . filesize($imgPath));

// Print the image data
readfile($imgPath);
exit();
?>

要了解这些变化:

  • $fn = mysql_real_escape_string($_GET['imgPath']);获取您通过查询字符串传递的变量,然后将其转义,以便我们可以再次通过数据库运行它。通过这种方式,我们可以确保用户没有使用相对路径来尝试公开他们不应该访问的图像(除非你有它的数据库记录;安全是你做的)。
  • 我完全删除了循环,没有必要
  • 我使用mysql_result()了,因为我们只需要一个字段的数据。
  • 我建议切换readfile()for fpassthru(),这需要调用 fopen,但不会在内存中缓冲文件的内容。
于 2010-05-03T23:27:45.640 回答