Character escape issue preventing proper folder name being generated by PHP include

Hello,

I'm trying to get a php script (http://www.globexposure.net/includes/travel_pic_thumbnails.php) to display the images on my webserver using phpThumb(), however, at present it displays a broken link for each image.

There are 3 issues, possibly related.
Issue 1, regards the proper escaping of characters used to build the filename address for each folder of pictures. With specific reference to variables at the end - the problem lies in the following bit of code:
<img src='/thumbphp/phpThumb.php?src=/includes/travel_pics/$poi_id/$file' alt=''/>
I have attached the complete php script (travel_pic_thumbnails.php) for your reference.

Issue 2, is that the address format that the script builds for each image is wrong. It seems to be looking at /includes/travel_pics/64 and saying this isn't a file, when in fact it should be treating this as a folder and processing all the images within it. Please see the attached image for reference.

Issue 3, is that when you mouse-over the broken links it says it's looking at the following folder format:
http://www.globexposure.net/includes/72
...when in fact it should be:
http://www.globexposure.net/includes/travel_pics/72/

Please can someone take a look at my code and tell me where i've messed up?


Cheers
not-a-file.png
travel-pic-thumbnails.php.txt
DaniishAsked:
Who is Participating?
 
Scripting_GuyConnect With a Mentor Commented:
i think that $poi_id is empty. This explains everything. It makes you read the wrong directory (you're scanning the directory that contains only the numeric folders but not any pictures), and it makes the links broken too.
0
 
DaniishAuthor Commented:
OK so how do i check where it's not being correctly populated?
0
 
Scripting_GuyCommented:
in the code snipped you posted, it is "just there". I'd need the rest of your code to tell that :)
0
Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

 
DaniishAuthor Commented:
Please find the 3 scripts which comprise my site attached.
index.php.txt
travel-pic-thumbnails.php.txt
read.php.txt
0
 
Ray PaseurConnect With a Mentor Commented:
OK, I've looked at them and I cannot find any place that $poi_id is defined.  It appears that this is supposed to represent a sub-directory, and it is used (as an undefined variable)  in this structure:

/includes/travel_pics/$poi_id/$file

That's part of travel-pic-thumbnails.

So you need to decide how you will determine what it should be, and then set the variable.

If you use error_reporting(E_ALL) you will get all of the undefined variables flagged, so you can check them to see where they need to be defined and what they need to contain.

Best, ~Ray
0
 
Ray PaseurConnect With a Mentor Commented:
Here is a properly escaped echo() statement:

echo "<a href=\"$file\" onclick='return hs.expand(this, { thumbnailId: 'thumb1' })' class='highslide'><img src=\"/thumbphp/phpThumb.php?src=/includes/travel_pics/$poi_id/$file\" alt=\"\" /></a>\n";


There are other ways to do this, but I find using the backslash to escape the double quotes is more consistent in rendering valid HTML.

~Ray
0
 
Ray PaseurConnect With a Mentor Commented:
I've searched for "includes" and "travel_pics" in the scripts you posted.  You should probably search for those terms, too, and make sure that your code that uses these terms is not commented out or skipped by a conditional statement.

Also, have a look at the code snippet.  You are using the @ to suppress error messages.  Get rid of that sort of code, at least while you are trying to debug your scripts.  You WANT the error messages at this point in the app life cycle.

HTH, ~Ray

// this displays the photos
while ($row=mysql_fetch_assoc($query_poi)){
  if($row['photo'] == 'x') {
    $dir = @ opendir("/travel_pics/".$row['id']."/"); // The '@' hides the warning message if opendir() fails
    $images = array();
    while (false !== ($file = readdir($dir))) {
      if (strpos($file, '.gif',1) || strpos($file, '.jpg',1) || strpos($file, '.jpeg',1) || strpos($file, '.JPG',1) || strpos($file, '.GIF',1) || strpos($file, '.JPEG',1)) {
        $images[] = $file;
      }
    }
    $imagesCSV = implode(',', $images);
  }  else {
    $imagesCSV = '';
  }
 
  // this displays the POI markers
  echo '<poi_markers poi_id="'.$row['id'].'" reg_id="'.$row['reg_id'].'" title="'.parseToXML($row['title']).'" date="'.$row['date'].'" name="'.parseToXML($row['name']).'" description="'.parseToXML($row['description']).'" lat="'.$row['lat'].'" lng="'.$row['lng'].'" icon="'.$row['icon'].'" minzl="'.$row['minzl'].'" maxzl="'.$row['maxzl'].'" photo="'.$imagesCSV.'" route="'.$row['route'].'"/>';
}

Open in new window

0
 
DaniishAuthor Commented:
Hi Ray,

Thanks for your comments i will take a proper look at these this evening. In the meantime, can i refer you to line 91 (line beginning... echo '<poi_markers) of the script "read.php" in which I define the variable poi_id:

poi_id="'.$row['id'].'"

Is this not an acceptable variable definition ?
0
 
Ray PaseurCommented:
Hi, Daniish.  No, it's not a variable definition.  In PHP all variables start with the dollar sign.  If you said

$poi_id = $row['id'];

and then said something like

echo '<poi_markers poi_id="'.$poi_id.'" reg_id="'...

You would get both the PHP variable definition and the XML statement.

Cheers, ~Ray
0
 
DaniishAuthor Commented:
Since i have used the same structure to date to define both the National and Regional markers - it seems logical to conclude that i will need to repeat the variable definitions for them as well...

$nat_id = $row['id'];
$reg_id = $row['id'];

Am i right in making this assumption?
0
 
Ray PaseurCommented:
Probably so!  But I'm not sure I know what is in $row['id'] in each of those cases - your program logic will need to be right about that.
0
 
DaniishAuthor Commented:
Nevermind my last post, i have updated the attributes accordingly (see attached if necessary).

Now that i have removed the '@' which was preventing the warning messages from being displayed, i get the attached (see code snippet) when i run www.globexposure.net/includes/read.php.


The directory its trying to open is correct but i can't quite understand where it's trying to find it, from the warning message recieved....it seems to be looking for /travel_pics/69/ in /home/sites/globexposure.net/public_html/includes/read.php

Not yet sure why!




<b>Warning</b>
:  opendir(/travel_pics/69/) [
<a href="function.opendir">function.opendir</a>
]: failed to open dir: No such file or directory in 

	<b>
/home/sites/globexposure.net/public_html/includes/read.php
</b>
 on line 
<b>79</b>
<br/>
<br/>
<b>Warning</b>
:  readdir(): supplied argument is not a valid Directory resource in 

	<b>
/home/sites/globexposure.net/public_html/includes/read.php
</b>
 on line 
<b>81</b>

Open in new window

read.php.txt
0
 
Ray PaseurConnect With a Mentor Commented:
This message:

No such file or directory in /home/sites/globexposure.net/public_html/includes/read.php on line 79

Says the error is occurring on line 79 of the script in the message.

Try removing the trailing slash from the name.  I'm not sure that will fix it, but it's easy and worth a shot.

~Ray
0
 
DaniishAuthor Commented:
Nice one Ray that sorted it :D
0
 
DaniishAuthor Commented:
Now i just need a way of defining $poi_id in travel_pic_thumbnails.php

I was trying to use: $poi_id = $row['id']; - but of course it doesn't understand what $row is.

Is there a way i can pass that variable and its definition from the read.php script...?
0
 
Ray PaseurConnect With a Mentor Commented:
You can try generating a URL like this in the read.php script:

www.[my url]?poi_id=[your poi id]

Maybe something like www.mysite.travel_pic_thumbnails.php?poi_id=67


<?php
// GET THE ID FROM THE URL
$poi_id = $_GET["poi_id"];
 
// MAKE THE DIRECTORY ID
$directory_name = getcwd();
$directory_name .= '/travel_pics';
$directory_name .= '/' . $poi_id;
 
// TRY THE OPENDIR
if (!$handle = opendir($directory_name)) { 
   die("Cannot Open Directory $directory_name"); 
}
else {
   while (false !== ($file = readdir($handle))) {
       if ($file != "." && $file != "..") {
           echo "
           <a href='$file' onclick='return hs.expand(this, { thumbnailId: 'thumb1' })' class='highslide'>
                <img src='/thumbphp/phpThumb.php?src=/includes/travel_pics/$poi_id/$file' alt=''/>
           </a>
           ";
       }
   }
   closedir($handle);
}
?>

Open in new window

0
 
DaniishAuthor Commented:
Hi Ray,

I have a suspicion that this won't work because the read.php script is generating all the markers at once and it's only when an individual marker is clicked that a request is made for the PHP include to call the travel_pic_thumbnails.php script!

I could of course be totally wrong about this lol

To test this though - could you show me in a little more detail how i add the poi_id to the URL from read.php

0
 
Ray PaseurConnect With a Mentor Commented:
Hi, Daniish.  I may not be able to solve the problem for you entirely.  You have posted hundreds of lines of code, and it is not easy to follow the logic.  A more succinct request for help might get you better answers.  

It looks like there are a lot of undefined variables, and I don't know where they get defined.  Also, I'm looking at the code in read.php and I see constructs that look like this:

$query_nations = mysql_query("SELECT * FROM nations"); // near line 32

followed by this:

while ($row=mysql_fetch_assoc($query_nations)){ // near line 64

but there is never a test for the value of $query_nations.  In other words, the script does not know whether the query succeeded; it just relies on the result set $query_nations, assuming it to be OK.  From where I sit, I cannot tell if it is OK or not.  A better construct might be like this:

if (!$query_nations = mysql_query("SELECT * FROM nations")) { die mysql_error(); }

Then you would at least know if the query worked.

I'd like to recommend a good book for you.  It is part of my permanent library, and it covers the best practices for a multitude of the things you are trying to accomplish.
http://www.sitepoint.com/books/phpmysql1/

Best regards, ~Ray
0
 
DaniishAuthor Commented:
Hi Ray,

Yeah i totally understand. The book looks pretty good so i'll probably get that - anything that explains these issues simply would be useful.

Though if i could ask one last question....

Since i am defining the following php include in my database against each record with images:
<?php include ('./includes/travel_pic_thumbnails.php'); ?>
is it possible for me to simply add the value of poi_id to the end of this? - like so:
<?php include ('./includes/travel_pic_thumbnails.php?poi_id=163'); ?>

..because this would invariably solve the problem very easily, since i'm hardcoding this anyway.

Thanks again Ray
0
 
Ray PaseurConnect With a Mentor Commented:
Yes, Daniish - I would try that include() statement with poi_id in the URL.  The value will be available to the PHP script called travel_pic_thumbnails in $_GET["poi_id"]

Cheers, ~Ray
0
 
DaniishAuthor Commented:
Thanks ever so much for being so patient with me, i've learnt quite a bit and i'm now very close to having a working site at last!
Thanks again for everything :)
0
All Courses

From novice to tech pro — start learning today.