Solved

Character escape issue preventing proper folder name being generated by PHP include

Posted on 2008-10-19
21
324 Views
Last Modified: 2011-10-19
Hello,

I'm trying to get a php script (http://www.globexposure.net/includes/travel_pic_thumbnails.php) to display the images on my webserver using phpThumb(), however, at present it displays a broken link for each image.

There are 3 issues, possibly related.
Issue 1, regards the proper escaping of characters used to build the filename address for each folder of pictures. With specific reference to variables at the end - the problem lies in the following bit of code:
<img src='/thumbphp/phpThumb.php?src=/includes/travel_pics/$poi_id/$file' alt=''/>
I have attached the complete php script (travel_pic_thumbnails.php) for your reference.

Issue 2, is that the address format that the script builds for each image is wrong. It seems to be looking at /includes/travel_pics/64 and saying this isn't a file, when in fact it should be treating this as a folder and processing all the images within it. Please see the attached image for reference.

Issue 3, is that when you mouse-over the broken links it says it's looking at the following folder format:
http://www.globexposure.net/includes/72
...when in fact it should be:
http://www.globexposure.net/includes/travel_pics/72/

Please can someone take a look at my code and tell me where i've messed up?


Cheers
not-a-file.png
travel-pic-thumbnails.php.txt
0
Comment
Question by:Daniish
  • 10
  • 9
  • 2
21 Comments
 
LVL 3

Accepted Solution

by:
Scripting_Guy earned 100 total points
ID: 22754274
i think that $poi_id is empty. This explains everything. It makes you read the wrong directory (you're scanning the directory that contains only the numeric folders but not any pictures), and it makes the links broken too.
0
 

Author Comment

by:Daniish
ID: 22754456
OK so how do i check where it's not being correctly populated?
0
 
LVL 3

Expert Comment

by:Scripting_Guy
ID: 22754467
in the code snipped you posted, it is "just there". I'd need the rest of your code to tell that :)
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Daniish
ID: 22755638
Please find the 3 scripts which comprise my site attached.
index.php.txt
travel-pic-thumbnails.php.txt
read.php.txt
0
 
LVL 110

Assisted Solution

by:Ray Paseur
Ray Paseur earned 400 total points
ID: 22757618
OK, I've looked at them and I cannot find any place that $poi_id is defined.  It appears that this is supposed to represent a sub-directory, and it is used (as an undefined variable)  in this structure:

/includes/travel_pics/$poi_id/$file

That's part of travel-pic-thumbnails.

So you need to decide how you will determine what it should be, and then set the variable.

If you use error_reporting(E_ALL) you will get all of the undefined variables flagged, so you can check them to see where they need to be defined and what they need to contain.

Best, ~Ray
0
 
LVL 110

Assisted Solution

by:Ray Paseur
Ray Paseur earned 400 total points
ID: 22757692
Here is a properly escaped echo() statement:

echo "<a href=\"$file\" onclick='return hs.expand(this, { thumbnailId: 'thumb1' })' class='highslide'><img src=\"/thumbphp/phpThumb.php?src=/includes/travel_pics/$poi_id/$file\" alt=\"\" /></a>\n";


There are other ways to do this, but I find using the backslash to escape the double quotes is more consistent in rendering valid HTML.

~Ray
0
 
LVL 110

Assisted Solution

by:Ray Paseur
Ray Paseur earned 400 total points
ID: 22758061
I've searched for "includes" and "travel_pics" in the scripts you posted.  You should probably search for those terms, too, and make sure that your code that uses these terms is not commented out or skipped by a conditional statement.

Also, have a look at the code snippet.  You are using the @ to suppress error messages.  Get rid of that sort of code, at least while you are trying to debug your scripts.  You WANT the error messages at this point in the app life cycle.

HTH, ~Ray

// this displays the photos
while ($row=mysql_fetch_assoc($query_poi)){
  if($row['photo'] == 'x') {
    $dir = @ opendir("/travel_pics/".$row['id']."/"); // The '@' hides the warning message if opendir() fails
    $images = array();
    while (false !== ($file = readdir($dir))) {
      if (strpos($file, '.gif',1) || strpos($file, '.jpg',1) || strpos($file, '.jpeg',1) || strpos($file, '.JPG',1) || strpos($file, '.GIF',1) || strpos($file, '.JPEG',1)) {
        $images[] = $file;
      }
    }
    $imagesCSV = implode(',', $images);
  }  else {
    $imagesCSV = '';
  }
 
  // this displays the POI markers
  echo '<poi_markers poi_id="'.$row['id'].'" reg_id="'.$row['reg_id'].'" title="'.parseToXML($row['title']).'" date="'.$row['date'].'" name="'.parseToXML($row['name']).'" description="'.parseToXML($row['description']).'" lat="'.$row['lat'].'" lng="'.$row['lng'].'" icon="'.$row['icon'].'" minzl="'.$row['minzl'].'" maxzl="'.$row['maxzl'].'" photo="'.$imagesCSV.'" route="'.$row['route'].'"/>';
}

Open in new window

0
 

Author Comment

by:Daniish
ID: 22758499
Hi Ray,

Thanks for your comments i will take a proper look at these this evening. In the meantime, can i refer you to line 91 (line beginning... echo '<poi_markers) of the script "read.php" in which I define the variable poi_id:

poi_id="'.$row['id'].'"

Is this not an acceptable variable definition ?
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 22758607
Hi, Daniish.  No, it's not a variable definition.  In PHP all variables start with the dollar sign.  If you said

$poi_id = $row['id'];

and then said something like

echo '<poi_markers poi_id="'.$poi_id.'" reg_id="'...

You would get both the PHP variable definition and the XML statement.

Cheers, ~Ray
0
 

Author Comment

by:Daniish
ID: 22758799
Since i have used the same structure to date to define both the National and Regional markers - it seems logical to conclude that i will need to repeat the variable definitions for them as well...

$nat_id = $row['id'];
$reg_id = $row['id'];

Am i right in making this assumption?
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 22759183
Probably so!  But I'm not sure I know what is in $row['id'] in each of those cases - your program logic will need to be right about that.
0
 

Author Comment

by:Daniish
ID: 22759228
Nevermind my last post, i have updated the attributes accordingly (see attached if necessary).

Now that i have removed the '@' which was preventing the warning messages from being displayed, i get the attached (see code snippet) when i run www.globexposure.net/includes/read.php.


The directory its trying to open is correct but i can't quite understand where it's trying to find it, from the warning message recieved....it seems to be looking for /travel_pics/69/ in /home/sites/globexposure.net/public_html/includes/read.php

Not yet sure why!




<b>Warning</b>
:  opendir(/travel_pics/69/) [
<a href="function.opendir">function.opendir</a>
]: failed to open dir: No such file or directory in 

	<b>
/home/sites/globexposure.net/public_html/includes/read.php
</b>
 on line 
<b>79</b>
<br/>
<br/>
<b>Warning</b>
:  readdir(): supplied argument is not a valid Directory resource in 

	<b>
/home/sites/globexposure.net/public_html/includes/read.php
</b>
 on line 
<b>81</b>

Open in new window

read.php.txt
0
 
LVL 110

Assisted Solution

by:Ray Paseur
Ray Paseur earned 400 total points
ID: 22759345
This message:

No such file or directory in /home/sites/globexposure.net/public_html/includes/read.php on line 79

Says the error is occurring on line 79 of the script in the message.

Try removing the trailing slash from the name.  I'm not sure that will fix it, but it's easy and worth a shot.

~Ray
0
 

Author Comment

by:Daniish
ID: 22759394
Nice one Ray that sorted it :D
0
 

Author Comment

by:Daniish
ID: 22759457
Now i just need a way of defining $poi_id in travel_pic_thumbnails.php

I was trying to use: $poi_id = $row['id']; - but of course it doesn't understand what $row is.

Is there a way i can pass that variable and its definition from the read.php script...?
0
 
LVL 110

Assisted Solution

by:Ray Paseur
Ray Paseur earned 400 total points
ID: 22759883
You can try generating a URL like this in the read.php script:

www.[my url]?poi_id=[your poi id]

Maybe something like www.mysite.travel_pic_thumbnails.php?poi_id=67


<?php
// GET THE ID FROM THE URL
$poi_id = $_GET["poi_id"];
 
// MAKE THE DIRECTORY ID
$directory_name = getcwd();
$directory_name .= '/travel_pics';
$directory_name .= '/' . $poi_id;
 
// TRY THE OPENDIR
if (!$handle = opendir($directory_name)) { 
   die("Cannot Open Directory $directory_name"); 
}
else {
   while (false !== ($file = readdir($handle))) {
       if ($file != "." && $file != "..") {
           echo "
           <a href='$file' onclick='return hs.expand(this, { thumbnailId: 'thumb1' })' class='highslide'>
                <img src='/thumbphp/phpThumb.php?src=/includes/travel_pics/$poi_id/$file' alt=''/>
           </a>
           ";
       }
   }
   closedir($handle);
}
?>

Open in new window

0
 

Author Comment

by:Daniish
ID: 22760117
Hi Ray,

I have a suspicion that this won't work because the read.php script is generating all the markers at once and it's only when an individual marker is clicked that a request is made for the PHP include to call the travel_pic_thumbnails.php script!

I could of course be totally wrong about this lol

To test this though - could you show me in a little more detail how i add the poi_id to the URL from read.php

0
 
LVL 110

Assisted Solution

by:Ray Paseur
Ray Paseur earned 400 total points
ID: 22760928
Hi, Daniish.  I may not be able to solve the problem for you entirely.  You have posted hundreds of lines of code, and it is not easy to follow the logic.  A more succinct request for help might get you better answers.  

It looks like there are a lot of undefined variables, and I don't know where they get defined.  Also, I'm looking at the code in read.php and I see constructs that look like this:

$query_nations = mysql_query("SELECT * FROM nations"); // near line 32

followed by this:

while ($row=mysql_fetch_assoc($query_nations)){ // near line 64

but there is never a test for the value of $query_nations.  In other words, the script does not know whether the query succeeded; it just relies on the result set $query_nations, assuming it to be OK.  From where I sit, I cannot tell if it is OK or not.  A better construct might be like this:

if (!$query_nations = mysql_query("SELECT * FROM nations")) { die mysql_error(); }

Then you would at least know if the query worked.

I'd like to recommend a good book for you.  It is part of my permanent library, and it covers the best practices for a multitude of the things you are trying to accomplish.
http://www.sitepoint.com/books/phpmysql1/

Best regards, ~Ray
0
 

Author Comment

by:Daniish
ID: 22763193
Hi Ray,

Yeah i totally understand. The book looks pretty good so i'll probably get that - anything that explains these issues simply would be useful.

Though if i could ask one last question....

Since i am defining the following php include in my database against each record with images:
<?php include ('./includes/travel_pic_thumbnails.php'); ?>
is it possible for me to simply add the value of poi_id to the end of this? - like so:
<?php include ('./includes/travel_pic_thumbnails.php?poi_id=163'); ?>

..because this would invariably solve the problem very easily, since i'm hardcoding this anyway.

Thanks again Ray
0
 
LVL 110

Assisted Solution

by:Ray Paseur
Ray Paseur earned 400 total points
ID: 22763212
Yes, Daniish - I would try that include() statement with poi_id in the URL.  The value will be available to the PHP script called travel_pic_thumbnails in $_GET["poi_id"]

Cheers, ~Ray
0
 

Author Closing Comment

by:Daniish
ID: 31507676
Thanks ever so much for being so patient with me, i've learnt quite a bit and i'm now very close to having a working site at last!
Thanks again for everything :)
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question