Displaying images stored in a database using PHP

Question

For my current assignment I'm trying to store files into the DB and display them. Currently I have no problem storing the files but I can't display them properly. I'm using this in my main form.

<td><a href=getImage.php?id='.$file[0].'"  />Resume</a></td>

And this is the query I'm using to get the file out of the DB.

  $sql = "SELECT file FROM table WHERE Res_ID=$referenced_ID";
  $result = mysqli_query($dbc, $sql);
  $row = mysqli_fetch_assoc($result);

header('Content-type: image/jpg');
     echo "<img src=\"{$row['file']}\" /><br />";

The result is

…³V!µÔ¢ošweöÿZ–îÌèEÈÎpEJ·˜kä€òþòâ­Gas È*G¨¥vA¤uEN¤S]‰:ñY“iwØ8‡¥e]ØÝGÑ‘øQÍ!«3¨ÄvÙÁu§]zÕÿOã^ssÌuáY7WP“ÔT6Æà™ëâþÊQË!üi­oe8 9ô5ã?ÛSÇÔ‘RÃ⛘VCBh¹>ϳ=BïÃVwåçÔW#¯|8†ufŠ4ob1PiÞ=q(,>µÐYx®Æ÷¥ò›Ñ5b½äy6«ðÆbͲϡ®fóá– í„ξ‹’xvîYVEöæ«6§]|²½ýj‡Ï#åËßjv™-k.u\ŠÈ›O–#ó!ЊúÊmcLþ-¹ïšÆÔ4ïkùñE¸ÿ0h±j§‘òù Ԉ켯íº×ÂÝã/g:»¸âïþ=³-²û?áHÑI3ŒKÙW¨ÍNºŽî-¶_Ã@IÙ¸{Tiû¸>â€3ÿu7@V[àü­š‘í•ùT[9\Ó’ª?oçJ©ù…69Ùxß÷¹©ö¼ |ÊOµ°™W#@êàÔ²iw®»–uõ5Eíåˆà«ôÅHä¯"‘\PˆÙŽ>ïÖœÖò'¡÷†^Ž@3Sg+ÀéYžt±uBG­>=H'ÞB>”À¾7ƒè)É#)åsU×S‰‡R>µ"\£ô4‹é"ç=D/ÿ- š¦¼ô©àuCó'´‰ Ë7çPëÑ¿Z½åÛÌ>\Mk &ʱœÒ0ê*#)ÏAV怩#Bd`^):ܲ¯ü*îÛERk†^ù¦CiÃsõ¦ ší¹Îj¬“*øhf﶑¬†CqíH’ëëIæsŒŠÐ{=ÍW{ :dÓ¸aÐœýjXîæCÃA:æ”CŽÿe5iG£}h7I7ßCüê¬8èqP–t<Ò…©£¸MÄúbª¼EM'ÚJš‘oPýôϽHˆ2GµZ¶¾T H/Ò¢yb“§ò¦R9ÓC6,n...

I'm using images as a sample at the moment but the finished php should eventually allow to display PDF documents. If it's any help I'm using phpmyadmin and MySQLi.

Answer 1

As the comments suggest, storing the file location in the database is much better than storing the file's data in the database. BUT if you need to store the file contents in the database for some reason, there are two methods. One is using the HTML data: URL and the other is having a PHP file as the middle man.

For the PHP Middle Man method, look at the answer above mine where it sets the header information and then echo's the file contents. The file extension doesn't matter since browsers refer to the content-type header instead of file extensions.

For the Data URL method, which can be placed directly in your code easily check out http://en.wikipedia.org/wiki/Data_URI_scheme

<?php
    // Array of valid Mime Types, prevents possible XSS methods.
    $valid_mimes = array(
        'image/png',
        'image/gif',
        'image/jpeg'
    );

    // Obtain Mime Type using finfo
    // Finfo allows for strings instead of file path
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime = $finfo->buffer($row['file']);

    // Check if mime is in our $valid_mimes array
    if(!in_array($mime,$valid_mimes)) {
        // Handle Error
        echo 'Illegal Mime Type: '.$mime;
        die();
    }

    $b64 = base64_encode($row['file']);
    echo '<img src="data:'.$mime.';base64,'.$b64.'" />';
?>

Answer 2

You cant output <img src=\ as an output it will corrupt the image file and Please use getImage.php as a different file to output images or verify that no output is printed before,after or in mid of image else it will corrupt the image.

if(isset($_GET['id'])){
$sql = "SELECT file FROM table WHERE Res_ID=$referenced_ID";
  $result = mysqli_query($dbc, $sql);
  $row = mysqli_fetch_assoc($result);

header('Content-type: image/jpg');
echo $row['file'];
}