[TYPO3] Display Image From MySQL Database
ries van Twisk
typo3 at rvt.dds.nl
Sat Sep 13 15:31:47 CEST 2008
On Sep 13, 2008, at 8:22 AM, Dmitry Dulepov [typo3] wrote:
> Hi!
>
> Lee M. Childress wrote:
>> I'm going bonkers. I am using an image tag <img
>> src="render_image.php?db=0&id=317" alt="" /> to display an image
>> contained in a mysql database. I am using the following script to
>> display the image:
>>
>> /** * RENDER IMAGE * ============ */ if ($_GET['id'] &&
>> $_GET['db']) { if (strtolower($_GET['db']) == '0') { $_db =
>> 'events'; $new_width = 200; } if
>> (strtolower($_GET['db']) == '1') { $_db = 'recipes';
>> $new_width = 200; } $sql = new MySQL;
>> $sql->mysql_query = 'SELECT image FROM ' . $_db . ' WHERE id = ' .
>> $_GET['id'] . ' LIMIT 1'; $sql->connect(); $_row =
>
> Your code is very insecure. Hackers will have a lotf ways to break
> into your system.
>
>> I keep getting a broken image. Any ideas?
>
> No. Not TYPO3-related for sure...
We have occasionally seen broken images from TYPO3 aswell....
regards, Ries van Twisk
-------------------------------------------------------------------------------------------------
Ries van Twisk
tags: Freelance TYPO3 Glassfish JasperReports JasperETL Flex Blaze-DS
WebORB PostgreSQL DB-Architect
email: ries at vantwisk.nl
web: http://www.rvantwisk.nl/
skype: callto://r.vantwisk
More information about the TYPO3-english
mailing list