Jump to content


Dynamic image

Started by Friiks, Nov 17 2006 02:02 PM

2 replies to this topic

#1 Friiks

    Young Padawan

  • Members
  • Pip
  • 56 posts
  • Gender:Male
  • Location:Latvia
  • Interests:Guitar, music, having all sorts of fun...and well enjoying my life (as enjoyable as it can be) as good as I can :D<br /><br />Oh yea, and of course - http://snowmoons.com

Posted 17 November 2006 - 02:02 PM

Hey!

I have a big problem with this one (or maybe it isnt that big).
I made a few scripts that works like a download counter and generates image which shows how many times has the file been downloaded. It all works fine but the problem is that I cant post it on any forums as most of them dont allow to put dynamic pages in [ img ] tags. So I thought I could just use .htaccess but when I opened notepad I didnt know what to write as the file creates more then one image.
http://jext.vectored...image.png?&id=6 - thats the link to the file which generates the image(I renamed image.php to image.png cuz I hoped it would fix the problem...but it didnt)
http://jext.vectored...m/downloads.php - file that reads downloads from database and lists them...

So..my question is how to make it so I can use the image in forums etc. ?

P.S.

Heres the code for the image.png

<?php
include("config.php");
$getdownloads = mysql_query("SELECT * from downloads where id='$id'");
while($row = mysql_fetch_assoc($getdownloads))
{
$image = "signature.png";
$im = @ImageCreateFromPNG($image);
$blue = ImageColorAllocate ($im, 29, 18, 158);
ImageString($im, 3, 45, 15, "$row[title] has been downloaded", $blue);
ImageString($im, 15, 135, 30, "$row[count]", $blue);
ImageString($im, 3, 98, 43, "times already", $blue);
header("Content-Type: image/png");
ImagePNG($im,'',100);
ImageDestroy ($im);
}
?>

#2 Demonslay

    P2L Jedi

  • Members
  • PipPipPip
  • 970 posts
  • Gender:Male
  • Location:A strange world where water falls out of the sky... for no reason.
  • Interests:Graphic Design, Coding, Splinter Cell, Cats

Posted 17 November 2006 - 04:51 PM

Why are you using a while loop when you only have one result? Kind of a waste and completely illogical to try to do such a thing.

Anyways, try to use RewriteRules to form it differently, like so.
Options +FollowSymlinks
RewriteEngine on

RewriteRule ^image/([0-9]+).png$ /image.png?id=$1 [nc]

Then you could call it by using something like this: http://jext.vectored...com/image/6.png


Also never trust that $id is automatically passed! You should know about this!
$id = (int)$_GET['id']; // And any other security measures here, such as striping tags, what-not, I would recommend a safe_query() custom function
$getdownloads = mysql_query("SELECT * FROM `downloads` WHERE `id` = '$id'") or die(mysql_error());

Unless in your configuration file you have some sort of method that automatically extracts and safe-guards all $_REQUEST (cookie, get, post) data, which would be ideal.

Edited by Demonslay, 17 November 2006 - 04:56 PM.

#3 rc69

    PHP Master PD

  • P2L Staff
  • PipPipPipPip
  • 3,827 posts
  • Gender:Male
  • Location:Here
  • Interests:Web Development

Posted 17 November 2006 - 05:02 PM

As there is only one query being executed, a custom function would be a waste of time, mysql_real_escape_string() is all you'll never need. Of course, since you're expecting a single integer for this particular query, casting it as an (int) is all you'll need to do as only the first set of numbers will get passed. No numbers, no $id, no worries...

But, this is a frequently asked question so please use the forum search.
Back to Programming and General Web Design · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Pixel2Life Forum
  2. Help Section
  3. Programming and General Web Design