Outputing an Image from the database

Yes, this is possible. Whenever you are generating an image with PHP, you need to do it in a separate PHP file. That is because images are treated as a separate HTTP request altogether.

Include their avatar just like a normal image:

<img src="/path/to/avatar/script.php" />

And then your avatar script will first set the JPEG header, then get the image data from the database, and then output only that image.

I am not clear on why you would store your images in a database? Conventionally storing them in their own folder has a number of advantages -- ability to prevent indexing and hot-linking among them. Most hosts are set up to deliver .gif .png and .jpg files with the correct MIME type, saving you the trouble.

I would have thought that storing just the URL to the image would serve your purpose(?).

I would have thought that storing just the URL to the image would serve your purpose(?).

Usually what I do is just give the avatar the filename of the unique ID in the database. So if somebody registers, and they get the id 120 in the DB, then their avatar will be /avatars/120.pg or something.

Storing it in the database eliminates the need to directly write to the filesystem which is a security risk in some hosting setups. It does have its drawbacks though. Fetching an image from a server takes next to no resources, but calling the PHP engine, connecting to the database, finding the record, and building the JPEG does take a bit of resources, and you will feel it with the site grows, especially if no caching is in place.

FYI Drupal with the Avatar Selection module will handle this for you

I also take care of a non-Drupal site with user pics, which get processed to 4 different sizes and are stored in separate image directories, with filename stored in the database.

Thank you all so much for your help, I have managed to do it now!

Take a look

Again thank you

If you notice any bad points about the site please let me know, I could do with a few pointers, but most of it is not even uploaded yet so not much to evaluate.

Oh, and another thing, with having the images in the database, are there any extra security pre-cautions I should take?

Peace.
Relentless.

@decibel.places

Thanks for the post, but I am coding my own CMS to learn, plus I enjoy coding so using another CMS is not what I am looking for

Cheers though.

Relentless.

Oh, and another thing, with having the images in the database, are there any extra security pre-cautions I should take?

As long as you are escaping that image_id variable, you should be good. Glad to see you got it working.

Thanks all again for your help! you guys are a god sent

By escaping what do you mean exactly?

When I get input before I put it into a query I do mysql_real_escape_string() and if it is an int I always cast (INT)just to make sure. So I have done this with the other image properties, anything else need doing?

Thank you!
Relentless.

I believe you should also run images through mysql_real_escape_string(). I mean the image blob itself, otherwise you'll end up sucking as badly as ExpressionEngine.

Casting numeric input as (int) is, as you say, a good idea.

Cool, thanks again! I will keep posting questions as I think of them if that is ok, it has been really helpful getting some professional responses and feedback.

Oh!, another one

I have a method of checking for online users but is there any articles/tutorials to methods that you would recommend I should implement?

Thanks and Peace.

Relentless.

I have a method of checking for online users but is there any articles/tutorials to methods that you would recommend I should implement?

The best way to check to see if they are online would be to log their last page view on their session. Then, determine if they are still online based on when they last viewed a page on your site.

Agreed with pr0gr4mm3r here, most 'online' indicators just show whether the user has viewed a page within the last 15 minutes.

Great, thank you for the tip

At the moment I am looking at recoding the whole site! because I have been looking at OO PHP. What are your views on this? I have done OOP in C# so have most of the methodology down. Just need to time to learn the implementation.

Cheers,
Relentless.

OO programming in my opinion is way better and much more organized. You may also want to look into the MVC approach. I always follow both of these techniques for my PHP applications, and it makes them much more manageable.

Thanks, I have heard of the model view controller approach before. unfortunately, I don't have that much spare time on my hands at the moment, so diving head first into OO PHP is not my best option, I will continue building my site old school for now while learning about OO PHP, and we will see that happens

I am having some problems with this bit of code!

if($_SESSION['username'] != $v_author) {
$update_reads = $v_reads + 1;
$rq = "UPDATE articles SET reads='$update_reads' WHERE id='$v_id'";
$rr = mysql_query($rq, $conn) or die("Could not update reads, Error: " . mysql_error());
}

I get the following error:

Could not update reads, Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'reads='46' WHERE id='3'' at line 1

The values are correct, it just seems that mysql_query() does not like something xD any ideas?

Thank you all again,
Relentless.

Looks like your problem is that you are using a reserved word in your query as a column name, in this case "reads". You can do that, but you need to use the backquotes (`) around that column name, so your query would look like this:

UPDATE articles SET `reads` = '46' WHERE id = '3'

Sorted thank you!

The only problem now is, every time the page refresh it classes it as a new read :S

Any thoughts on a way to implement a better system?

Thank you all sooooooooooo much!

Relentless.

Glad to help .

Well...you are going have to store more information about the page view if you are going to tell the difference between a unique hit and a repeat hit.

One option is to map their IP addresses. This is the easiest method to implement, but it has faults. If a page gets attention on a large campus or company network, your statistics won't show it because it all comes from the same IP.

The other option is to set a cookie on the user's computer. This takes a bit more code, and it won't work if the visitor doesn't accept cookies, but most do these days, and I think that would be the better option. All you would have to do is store a value in a cookie that you would check for to determine if it's a repeat visit or not.

Excellent, thanks again

I will have a look at a way to implement this, need to do some googeling

Just finished the Article comment system

Relentless.

Not a problem. Good luck with your web application. I find coding PHP sites from scratch quite enjoyable as well as a valuable learning experience.

Amen to that.

Even though I may not be coding with the latests technology or OO PHP I am still enjoying the learning experience. I am trying to concentrate on security, I am attempting to incorporate login attempt logs so each user can see if anyone has been trying to login with their account, which I believe will not only benefit the users but me the administrator as well. I am looking for the best way to change passwords and such too, maybe the password should just be sent to the registered e-mail in plain text, or should it be re-set? And if the re-set option is chosen then maybe it should only be allowed within a time limit and on the same IP address. For example a user clicks "Reset Pass" a reset email is then sent to the registered email address saying you have 1 hour to click this link, using this IP address. But I believe this could cause many problems. What do you all think? Know of any interesting articles related to this?

Thanks all again,
Relentless.