使用 PHP 显示外部 Web 根文件夹中的所有图像

发布于 2024-08-31 08:14:49 字数 1865 浏览 7 评论 0原文

我想显示存储在我的网络根文件夹之外的所有图像。请帮我。我只能重复显示一张图像。例如，如果我的文件夹中有 5 张图像，则只有一张图像在我的浏览器上显示 5 次。请帮我解决这个问题。我已经研究这个问题一个多月了。我是新手。帮助。谢谢。这是我正在使用的代码。

images.php

<?php   
  // Get our database connector
require("includes/copta.php");

// Grab the data from our people table
$sql = "select * from people";

$result = mysql_query($sql) or die ("Could not access DB: " . mysql_error());

$imgLocation = " /uploadfile/";

while ($row = mysql_fetch_array($result))
{
    $imgName = $row["filename"]; 
    $imgPath = $imgLocation . $imgName;

    echo "<img src=\"call_images.php?imgPath=" . $imgName . "\"  alt=\"\"><br/>";
    echo $row['id'] . " " . $imgName. "<br />";

}

?>

call_images.php

<?php
  // Get our database connector
require("includes/copta.php");

$imgLocation = '/ uploadz/';

$sql = "select * from people";

$result = mysql_query($sql) or 
    die ("Could not access DB: " . mysql_error());   

while ($row = mysql_fetch_array($result)) {

    $imgName = $row["filename"]; 
    $imgPath = $imgLocation . $imgName;


    // Make sure the file exists
    if(!file_exists($imgPath) || !is_file($imgPath)) {
        header('HTTP/1.0 404 Not Found');
        die('The file does not exist');
    }

    // Make sure the file is an image
    $imgData = getimagesize($imgPath);
    if(!$imgData) {
        header('HTTP/1.0 403 Forbidden');
        die('The file you requested is not an image.');
    }


    // Set the appropriate content-type
    // and provide the content-length.

    header("Pragma: public");
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");

    header("Content-Type: image/jpg");
    header("Content-length: " . filesize($imgPath));

    // Print the image data
    readfile($imgPath);
    exit();

}
?>

原文

I want to display all images that are stored outside my web root folder. Please help me. I am only able to display one image repeatedly. For example, if I have 5 images in my folder, only one image is displayed on my browser 5 times. Please help me on this. I've been working on this problem for over a month now. I'm a newbie. Help. Thank you. Here is the code I'm using.

images.php

<?php   
  // Get our database connector
require("includes/copta.php");

// Grab the data from our people table
$sql = "select * from people";

$result = mysql_query($sql) or die ("Could not access DB: " . mysql_error());

$imgLocation = " /uploadfile/";

while ($row = mysql_fetch_array($result))
{
    $imgName = $row["filename"]; 
    $imgPath = $imgLocation . $imgName;

    echo "<img src=\"call_images.php?imgPath=" . $imgName . "\"  alt=\"\"><br/>";
    echo $row['id'] . " " . $imgName. "<br />";

}

?>

call_images.php

<?php
  // Get our database connector
require("includes/copta.php");

$imgLocation = '/ uploadz/';

$sql = "select * from people";

$result = mysql_query($sql) or 
    die ("Could not access DB: " . mysql_error());   

while ($row = mysql_fetch_array($result)) {

    $imgName = $row["filename"]; 
    $imgPath = $imgLocation . $imgName;


    // Make sure the file exists
    if(!file_exists($imgPath) || !is_file($imgPath)) {
        header('HTTP/1.0 404 Not Found');
        die('The file does not exist');
    }

    // Make sure the file is an image
    $imgData = getimagesize($imgPath);
    if(!$imgData) {
        header('HTTP/1.0 403 Forbidden');
        die('The file you requested is not an image.');
    }


    // Set the appropriate content-type
    // and provide the content-length.

    header("Pragma: public");
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");

    header("Content-Type: image/jpg");
    header("Content-length: " . filesize($imgPath));

    // Print the image data
    readfile($imgPath);
    exit();

}
?>

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

￠蛋碎的人ぎ生 2024-09-07 08:14:49

问题是您没有解析传递给 call_images.php 的 QueryString 变量，而是运行相同的数据库查询，这只会返回数据库每次返回的第一个图像。这是（希望）更正的版本。

<?php
// Get our database connector
require("includes/copta.php");

$imgLocation = '/ uploadz/';

$fn = mysql_real_escape_string($_GET['imgPath']);

$sql = "select filename from people WHERE filename = '{$fn}'";

$result = mysql_query($sql) or 
    die ("Could not access DB: " . mysql_error());   

if (mysql_num_rows($result) == 0) {
    header('HTTP/1.0 404 Not Found');
    die('The file does not exist');
}
$imgName = mysql_result($result, 0, 0); 
$imgPath = $imgLocation . $imgName;

// Make sure the file exists
if(!file_exists($imgPath) || !is_file($imgPath)) {
    header('HTTP/1.0 404 Not Found');
    die('The file does not exist');
}

// Make sure the file is an image
$imgData = getimagesize($imgPath);
if(!$imgData) {
    header('HTTP/1.0 403 Forbidden');
    die('The file you requested is not an image.');
}


// Set the appropriate content-type
// and provide the content-length.

header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");

header("Content-Type: image/jpg");
header("Content-length: " . filesize($imgPath));

// Print the image data
readfile($imgPath);
exit();
?>

关于这些更改需要了解什么：

$fn = mysql_real_escape_string($_GET['imgPath']); 获取您通过查询字符串传递的变量，然后对其进行转义，以便我们可以再次在数据库中运行它。这样我们就可以确保用户没有使用相对路径来尝试公开他们不应该访问的图像（除非您有它的数据库记录；安全性就是您所做的）。
我完全删除了循环，没有必要
使用 mysql_result()因为我们只需要一个字段的数据。
我建议将 readfile() 切换为 fpassthru()，这需要调用 fopen，但不会在内存中缓冲文件内容。

The problem is you're not parsing the QueryString variable you pass to call_images.php, but instead running the same database query, which will just return the first image that the database comes back with every time. Here is a (hopefully) corrected version.

<?php
// Get our database connector
require("includes/copta.php");

$imgLocation = '/ uploadz/';

$fn = mysql_real_escape_string($_GET['imgPath']);

$sql = "select filename from people WHERE filename = '{$fn}'";

$result = mysql_query($sql) or 
    die ("Could not access DB: " . mysql_error());   

if (mysql_num_rows($result) == 0) {
    header('HTTP/1.0 404 Not Found');
    die('The file does not exist');
}
$imgName = mysql_result($result, 0, 0); 
$imgPath = $imgLocation . $imgName;

// Make sure the file exists
if(!file_exists($imgPath) || !is_file($imgPath)) {
    header('HTTP/1.0 404 Not Found');
    die('The file does not exist');
}

// Make sure the file is an image
$imgData = getimagesize($imgPath);
if(!$imgData) {
    header('HTTP/1.0 403 Forbidden');
    die('The file you requested is not an image.');
}


// Set the appropriate content-type
// and provide the content-length.

header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");

header("Content-Type: image/jpg");
header("Content-length: " . filesize($imgPath));

// Print the image data
readfile($imgPath);
exit();
?>

What to know about these changes:

$fn = mysql_real_escape_string($_GET['imgPath']); gets the variable you passed via querystring, and then escapes it so we can run it through the database again. This way we can be sure that the user hasn't used relative paths to try to expose an image that they shouldn't have access to (unless you have a database record for it; security is what you make it).
I removed the loop entirely, it was not necessary
I used mysql_result() since we only needed one field's worth of data.
I would recommend switching readfile() for fpassthru(), which requires a call to fopen, but does not buffer the contents of the file in memory.

回复收藏 0 原文

~没有更多了~