Solved

Character escape issue preventing proper folder name being generated by PHP include

Posted on 2008-10-19
21
321 Views
Last Modified: 2011-10-19
Hello,

I'm trying to get a php script (http://www.globexposure.net/includes/travel_pic_thumbnails.php) to display the images on my webserver using phpThumb(), however, at present it displays a broken link for each image.

There are 3 issues, possibly related.
Issue 1, regards the proper escaping of characters used to build the filename address for each folder of pictures. With specific reference to variables at the end - the problem lies in the following bit of code:
<img src='/thumbphp/phpThumb.php?src=/includes/travel_pics/$poi_id/$file' alt=''/>
I have attached the complete php script (travel_pic_thumbnails.php) for your reference.

Issue 2, is that the address format that the script builds for each image is wrong. It seems to be looking at /includes/travel_pics/64 and saying this isn't a file, when in fact it should be treating this as a folder and processing all the images within it. Please see the attached image for reference.

Issue 3, is that when you mouse-over the broken links it says it's looking at the following folder format:
http://www.globexposure.net/includes/72
...when in fact it should be:
http://www.globexposure.net/includes/travel_pics/72/

Please can someone take a look at my code and tell me where i've messed up?


Cheers
not-a-file.png
travel-pic-thumbnails.php.txt
0
Comment
Question by:Daniish
  • 10
  • 9
  • 2
21 Comments
 
LVL 3

Accepted Solution

by:
Scripting_Guy earned 100 total points
ID: 22754274
i think that $poi_id is empty. This explains everything. It makes you read the wrong directory (you're scanning the directory that contains only the numeric folders but not any pictures), and it makes the links broken too.
0
 

Author Comment

by:Daniish
ID: 22754456
OK so how do i check where it's not being correctly populated?
0
 
LVL 3

Expert Comment

by:Scripting_Guy
ID: 22754467
in the code snipped you posted, it is "just there". I'd need the rest of your code to tell that :)
0
 

Author Comment

by:Daniish
ID: 22755638
Please find the 3 scripts which comprise my site attached.
index.php.txt
travel-pic-thumbnails.php.txt
read.php.txt
0
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 400 total points
ID: 22757618
OK, I've looked at them and I cannot find any place that $poi_id is defined.  It appears that this is supposed to represent a sub-directory, and it is used (as an undefined variable)  in this structure:

/includes/travel_pics/$poi_id/$file

That's part of travel-pic-thumbnails.

So you need to decide how you will determine what it should be, and then set the variable.

If you use error_reporting(E_ALL) you will get all of the undefined variables flagged, so you can check them to see where they need to be defined and what they need to contain.

Best, ~Ray
0
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 400 total points
ID: 22757692
Here is a properly escaped echo() statement:

echo "<a href=\"$file\" onclick='return hs.expand(this, { thumbnailId: 'thumb1' })' class='highslide'><img src=\"/thumbphp/phpThumb.php?src=/includes/travel_pics/$poi_id/$file\" alt=\"\" /></a>\n";


There are other ways to do this, but I find using the backslash to escape the double quotes is more consistent in rendering valid HTML.

~Ray
0
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 400 total points
ID: 22758061
I've searched for "includes" and "travel_pics" in the scripts you posted.  You should probably search for those terms, too, and make sure that your code that uses these terms is not commented out or skipped by a conditional statement.

Also, have a look at the code snippet.  You are using the @ to suppress error messages.  Get rid of that sort of code, at least while you are trying to debug your scripts.  You WANT the error messages at this point in the app life cycle.

HTH, ~Ray

// this displays the photos

while ($row=mysql_fetch_assoc($query_poi)){

  if($row['photo'] == 'x') {

    $dir = @ opendir("/travel_pics/".$row['id']."/"); // The '@' hides the warning message if opendir() fails

    $images = array();

    while (false !== ($file = readdir($dir))) {

      if (strpos($file, '.gif',1) || strpos($file, '.jpg',1) || strpos($file, '.jpeg',1) || strpos($file, '.JPG',1) || strpos($file, '.GIF',1) || strpos($file, '.JPEG',1)) {

        $images[] = $file;

      }

    }

    $imagesCSV = implode(',', $images);

  }  else {

    $imagesCSV = '';

  }
 

  // this displays the POI markers

  echo '<poi_markers poi_id="'.$row['id'].'" reg_id="'.$row['reg_id'].'" title="'.parseToXML($row['title']).'" date="'.$row['date'].'" name="'.parseToXML($row['name']).'" description="'.parseToXML($row['description']).'" lat="'.$row['lat'].'" lng="'.$row['lng'].'" icon="'.$row['icon'].'" minzl="'.$row['minzl'].'" maxzl="'.$row['maxzl'].'" photo="'.$imagesCSV.'" route="'.$row['route'].'"/>';

}

Open in new window

0
 

Author Comment

by:Daniish
ID: 22758499
Hi Ray,

Thanks for your comments i will take a proper look at these this evening. In the meantime, can i refer you to line 91 (line beginning... echo '<poi_markers) of the script "read.php" in which I define the variable poi_id:

poi_id="'.$row['id'].'"

Is this not an acceptable variable definition ?
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 22758607
Hi, Daniish.  No, it's not a variable definition.  In PHP all variables start with the dollar sign.  If you said

$poi_id = $row['id'];

and then said something like

echo '<poi_markers poi_id="'.$poi_id.'" reg_id="'...

You would get both the PHP variable definition and the XML statement.

Cheers, ~Ray
0
 

Author Comment

by:Daniish
ID: 22758799
Since i have used the same structure to date to define both the National and Regional markers - it seems logical to conclude that i will need to repeat the variable definitions for them as well...

$nat_id = $row['id'];
$reg_id = $row['id'];

Am i right in making this assumption?
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 108

Expert Comment

by:Ray Paseur
ID: 22759183
Probably so!  But I'm not sure I know what is in $row['id'] in each of those cases - your program logic will need to be right about that.
0
 

Author Comment

by:Daniish
ID: 22759228
Nevermind my last post, i have updated the attributes accordingly (see attached if necessary).

Now that i have removed the '@' which was preventing the warning messages from being displayed, i get the attached (see code snippet) when i run www.globexposure.net/includes/read.php.


The directory its trying to open is correct but i can't quite understand where it's trying to find it, from the warning message recieved....it seems to be looking for /travel_pics/69/ in /home/sites/globexposure.net/public_html/includes/read.php

Not yet sure why!




<b>Warning</b>

:  opendir(/travel_pics/69/) [

<a href="function.opendir">function.opendir</a>

]: failed to open dir: No such file or directory in 



	<b>

/home/sites/globexposure.net/public_html/includes/read.php

</b>

 on line 

<b>79</b>

<br/>

<br/>

<b>Warning</b>

:  readdir(): supplied argument is not a valid Directory resource in 



	<b>

/home/sites/globexposure.net/public_html/includes/read.php

</b>

 on line 

<b>81</b>

Open in new window

read.php.txt
0
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 400 total points
ID: 22759345
This message:

No such file or directory in /home/sites/globexposure.net/public_html/includes/read.php on line 79

Says the error is occurring on line 79 of the script in the message.

Try removing the trailing slash from the name.  I'm not sure that will fix it, but it's easy and worth a shot.

~Ray
0
 

Author Comment

by:Daniish
ID: 22759394
Nice one Ray that sorted it :D
0
 

Author Comment

by:Daniish
ID: 22759457
Now i just need a way of defining $poi_id in travel_pic_thumbnails.php

I was trying to use: $poi_id = $row['id']; - but of course it doesn't understand what $row is.

Is there a way i can pass that variable and its definition from the read.php script...?
0
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 400 total points
ID: 22759883
You can try generating a URL like this in the read.php script:

www.[my url]?poi_id=[your poi id]

Maybe something like www.mysite.travel_pic_thumbnails.php?poi_id=67


<?php

// GET THE ID FROM THE URL

$poi_id = $_GET["poi_id"];
 

// MAKE THE DIRECTORY ID

$directory_name = getcwd();

$directory_name .= '/travel_pics';

$directory_name .= '/' . $poi_id;

 

// TRY THE OPENDIR

if (!$handle = opendir($directory_name)) { 

   die("Cannot Open Directory $directory_name"); 

}

else {

   while (false !== ($file = readdir($handle))) {

       if ($file != "." && $file != "..") {

           echo "

           <a href='$file' onclick='return hs.expand(this, { thumbnailId: 'thumb1' })' class='highslide'>

                <img src='/thumbphp/phpThumb.php?src=/includes/travel_pics/$poi_id/$file' alt=''/>

           </a>

           ";

       }

   }

   closedir($handle);

}

?>

Open in new window

0
 

Author Comment

by:Daniish
ID: 22760117
Hi Ray,

I have a suspicion that this won't work because the read.php script is generating all the markers at once and it's only when an individual marker is clicked that a request is made for the PHP include to call the travel_pic_thumbnails.php script!

I could of course be totally wrong about this lol

To test this though - could you show me in a little more detail how i add the poi_id to the URL from read.php

0
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 400 total points
ID: 22760928
Hi, Daniish.  I may not be able to solve the problem for you entirely.  You have posted hundreds of lines of code, and it is not easy to follow the logic.  A more succinct request for help might get you better answers.  

It looks like there are a lot of undefined variables, and I don't know where they get defined.  Also, I'm looking at the code in read.php and I see constructs that look like this:

$query_nations = mysql_query("SELECT * FROM nations"); // near line 32

followed by this:

while ($row=mysql_fetch_assoc($query_nations)){ // near line 64

but there is never a test for the value of $query_nations.  In other words, the script does not know whether the query succeeded; it just relies on the result set $query_nations, assuming it to be OK.  From where I sit, I cannot tell if it is OK or not.  A better construct might be like this:

if (!$query_nations = mysql_query("SELECT * FROM nations")) { die mysql_error(); }

Then you would at least know if the query worked.

I'd like to recommend a good book for you.  It is part of my permanent library, and it covers the best practices for a multitude of the things you are trying to accomplish.
http://www.sitepoint.com/books/phpmysql1/

Best regards, ~Ray
0
 

Author Comment

by:Daniish
ID: 22763193
Hi Ray,

Yeah i totally understand. The book looks pretty good so i'll probably get that - anything that explains these issues simply would be useful.

Though if i could ask one last question....

Since i am defining the following php include in my database against each record with images:
<?php include ('./includes/travel_pic_thumbnails.php'); ?>
is it possible for me to simply add the value of poi_id to the end of this? - like so:
<?php include ('./includes/travel_pic_thumbnails.php?poi_id=163'); ?>

..because this would invariably solve the problem very easily, since i'm hardcoding this anyway.

Thanks again Ray
0
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 400 total points
ID: 22763212
Yes, Daniish - I would try that include() statement with poi_id in the URL.  The value will be available to the PHP script called travel_pic_thumbnails in $_GET["poi_id"]

Cheers, ~Ray
0
 

Author Closing Comment

by:Daniish
ID: 31507676
Thanks ever so much for being so patient with me, i've learnt quite a bit and i'm now very close to having a working site at last!
Thanks again for everything :)
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
delete database record with modal 21 34
Paging Using PHP 7 34
wordpress issue 2 22
Wordpress Body Class 5 13
Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
This article discusses four methods for overlaying images in a container on a web page
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now