php image-gallery

[Manwe]

Alright, I've been looking up and down this code a couple of times now. And I've read through yor tips several times...But I seem to be stuck a one point:
I've made the menu, but I don't understand how I'm supposed to make the links work...

This is the code so far (bear with me, it's messy cause I've been testing a lot):

Code:

<?php
	header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
	header("Cache-Control: no-cache");
	header("Pragma: no-cache");
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
	<head>
		<title>A PHP-Site</title>
	</head>

	<body>
	<?php
		echo "\t<center><h2>This page has a body of pure PHP</h2></center>\n";

		mysql_connect('localhost','root')
			|| die(mysql_error());
		@mysql_select_db(thorbear)
			|| die("Unable to select database");

		//Skriver ut alt i tabellen
		$query = mysql_query('SELECT * FROM gallery');
		$num_rows = mysql_num_rows($query);
		$i = 0;
		if ($num_rows == 0)
		{
			echo "<b>No galleries in database</b>";
		}
		else
		{
			while ($i < $num_rows)
			{
				$GID = mysql_result($query,$i,"GID");
				$name = mysql_result($query,$i,"name");
				echo "\n\t\t<a href=\"purePHP.php?\$galleryid=$GID\">$name</a><br />";
				$i++;
			}//while
		}

		$query2 = mysql_query("SELECT * FROM image WHERE GID = '$galleryid'");
		$num_rows2 = mysql_num_rows($query2);
		$i2 = 0;
		if ($num_rows2 == 0)
		{
			echo "<b>No images in selected gallery</b>";
		}
		else
		{
			while($i2 < $num_rows2)
			{
				$ImID = mysql_result($query2,$i2,'ImID');
				$alt =	mysql_result($query2,$i2,'alt');
				$adress =	mysql_result($query2,$i2,'adress');
				echo "\n\t\t<img src=\"$adress\" alt=\"$alt\">";
				$i2++;
			} // while
		}

		mysql_free_result($query);
		mysql_free_result($query2);
		//Lukker koblingen til databasen
		mysql_close();

		echo "\n\t\t<p>&copy; Thorbear Incognito</p>\n";
	?>
	</body>
</html>

I now have a database with 2 tables 'gallery' and 'image' where gallery contains GID (GalleryID) and name, image contains ImID (ImageID), GID, adr (filepath) and alt (alt name).

[StevenWWinters]

I've made the menu, but I don't understand how I'm supposed to make the links work...

Can you elaborate on what you mean here? Are you speaking of hyper links, or something else? Do you have a sample page we can view to see what you are trying to do?

[stlewis]

Hi

Would this help: http://www.sitepoint.com/article/php...system-minutes ?

If your folder structure is say:

pictures
- 123.jpg
- 124.jpg
php
- gallery.php

Then gallery.php must echo with ../pictures/ and then the filename.

[Suvek]

HTML Code:

echo "\n\t\t<a href=\"purePHP.php?\$galleryid=$GID\">$name</a><br />";

These links don't work as expected, am I correct?

"$" symbol is not used in query string variable names but you use "\$galleryid". That won't work Try changing it to this:

HTML Code:

echo "\n\t\t<a href=\"purePHP.php?galleryid=$GID\">$name</a><br />";

And you may also need to change this MySQL query (depends on your PHP configuration):

HTML Code:

$query2 = mysql_query("SELECT * FROM image WHERE GID = '$galleryid'");

to

HTML Code:

$query2 = mysql_query("SELECT * FROM image WHERE GID = '".$_GET['galleryid']."'");

[remi]

Hi Suvek,

that's insecure code:

HTML Code:

$query2 = mysql_query("SELECT * FROM image WHERE GID = '".$_GET['galleryid']."'");

Such a code is open to SQL injections, please don't do that.

see also: Wikipedia article about SQL injection

Remi

[Suvek]

code is open to SQL injections, please don't do that.
Remi

Right, I should have mentioned that Thanks
But to make it clear (well it is probably obvious ) - SQL injection is a threat in both code versions - doesn't matter if you access that GET var as $galleryid or $_GET['galleryid']. My original point that $galleryid may not work directly remains the same.

[remi]

Yes, the whole code from Manwe is insecure.
And the variable $galleryid has no value (it's simply not set to a value, so far).

Regards,
Remi

[Manwe]

Accally, I had my main problem fixed before you guys managed to answer
But these last posts has made me uncertain of my code, Suvek did indeed point out my problem, and I accually used that way of fixing it.

Code:

<?php

mysql_connect('localhost','thorbear','xxx')
	|| die(mysql_error());
@mysql_select_db('thorbear')
	|| die("Unable to select database");

//Skriver ut alt i tabellen
$query = mysql_query('SELECT * FROM gallery');
$num_rows = mysql_num_rows($query);
$i = 0;
if ($num_rows == 0)
{
	echo "<b>No galleries in database</b>";
}
else
{
	echo "<table border=\"0\" align=\"center\"><tr>";
	while ($i < $num_rows)
	{ //while
		$GID = mysql_result($query,$i,"GID");
		$name = mysql_result($query,$i,"name");
		echo "\n\t\t<td class=\"center\"><a href=\"pictures.php?galleryid=$GID\">&nbsp;&nbsp;$name&nbsp;&nbsp;</a></td>";
		$i++;
	}//while
	echo "</tr></table>";
}

mysql_free_result($query);
mysql_close();


mysql_connect('localhost','thorbear','xxx')
	|| die(mysql_error());
@mysql_select_db('thorbear')
	|| die("Unable to select database");

$query2 = mysql_query("SELECT * FROM `image` WHERE `GID` = '".$_GET['galleryid']."'");
$num_rows2 = mysql_num_rows($query2);
$i2 = 0;
if ($num_rows2 == 0)
{
	echo "<br /><br /><b>Please select a category</b>";
}
else
{
	while($i2 < $num_rows2)
{
	$ImID = mysql_result($query2,$i2,'ImID');
	$alt = mysql_result($query2,$i2,'alt');
	$adress = mysql_result($query2,$i2,'adress');
	echo "\n\t\t<a href=\"$adress\"><img height=\"200px\" src=\"$adress\" alt=\"$alt\"></a>";
	$i2++;
} // while
}

mysql_free_result($query2);
//Lukker koblingen til databasen
mysql_close();

echo "\n\t\t<p>&copy; Thorbear Incognito</p>\n";
?>

Now, insecure?
I would like to know how...why?
I haven't really looked innto "secure php" because I was under the impression that none but those with ftp access could view anything but the html output...

PS. The code is still quite messy case I haven't clean-written it yet :P
The script is in use at my homepage www.thorbear.tk under Pictures.

[remi]

The problem is, that you use the original content of "galleryid" without escaping. I could delete the contents of your whole SQL table, right now. I wouldn't post the necessary inputs to do this. But it's really possible with your code.

You should invest some time in learning to code secure PHP scripts. I would recommend the following book: "Innocent code - A Security Wake-Up Call for Web Programmers" from Sverre H. Huseby. Sverre comes from Oslo, therefore it could be, that his book is also available in Norwegian and perhaps you'll find it in the nearest public library.

Remi

[Suvek]

To tell the truth it does not look so bad. (Maybe my abilities are so bad ) I've tried simple modification of that SQL query without success. Looks like PHP uses Magic Quotes and makes the code safer.