davidsperling
asked on
How do you display pictures in html, not stored in public_html, wwwroot or similar?
I'm using a web hotel (apache). Would be nice if the pics weren't in the html-folder, so that it wouldn't be possible to deep link to them.
Can u do that?
/Dave
Can u do that?
/Dave
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Btw, what's you're arguments for storing pics in blobs? Most people seems to dislike that idea. Makes the dateabase less managable for example.
I did it for my first website and came to the conclusion it was rubbish too! I just suggested you look up the script in order to get an idea of how to serve images/files.
I don't have an example to hand, but this is a simple solution.
Two parts are attached here. the first if the code where you'll display the image, the second is display_pics.php which serves the image to the webpages.
I don't have an example to hand, but this is a simple solution.
Two parts are attached here. the first if the code where you'll display the image, the second is display_pics.php which serves the image to the webpages.
// webpage
<?php
session_start();
$_SESSION['display_pics']=TRUE;
?>
<img src="display_pic.php?id=1"/>
// display_pic.php
<?php
if( (isset($_SESSION['display_pics'])) && ($_SESSION['display_pics']) )
{
if( (isset($_GET['image_name'])) && (!empty($_GET['image_name'])) )
{
$image_name='../protected_images/'.eregi_replace('[^a-z0-9.]','',$_GET['image_name']);
if(file_exists($image_name))
{
$header=mime_content_type($image_name);
if(ereg("image",$header))
{
header('Content-type: '.mime_content_type($image_name));
file_get_contents($image_name);
exit();
}
}
}
}
header("Content-Type: image/gif");
file('../protected_images/bad_image.gif');
?>
sorry just coded that and made some changes that I didn't change in the first bit of code.
<img src="display_pic.php?id=1"
should be:-
<img src="display_pic.php?image
and the function get_file_contents() should be readfile() as it outputs straight to the output buffer.
the egrei_replace() removes all characters that are not . a to z or 0 to 9
this is to prevent anyone adding in subdirectories ie ../../../passwd.txt
A default image of bad_image.gif will be displayed if it isn't an image, it doesn't exit or no image was specified.
<img src="display_pic.php?id=1"
should be:-
<img src="display_pic.php?image
and the function get_file_contents() should be readfile() as it outputs straight to the output buffer.
the egrei_replace() removes all characters that are not . a to z or 0 to 9
this is to prevent anyone adding in subdirectories ie ../../../passwd.txt
A default image of bad_image.gif will be displayed if it isn't an image, it doesn't exit or no image was specified.
ASKER
Thanks! Didn't get your example to work, but this worx:
Now I can't work it from here :-)
/Dave
Now I can't work it from here :-)
/Dave
<?php
define("FILENAME","/home/my_hotel_account/pic_upload/logo.gif");
header ("Content-Type: image/gif");
readfile(FILENAME);
?>ASKER
I mean I *can* work it from here...
ASKER