使用PHP顯示來自外部Web根文件夾的所有圖像

Question

我想要顯示存儲在我的Web根文件夾之外的所有圖像。請幫幫我。我只能重複顯示一個圖像。例如，如果我的文件夾中有5個圖像，我的瀏覽器上僅顯示一個圖像5次。請幫助我。我已經在這個問題上工作了一個多月了。我是新手。幫幫我。謝謝。這是我正在使用的代碼。

images.php

<?php 
    // Get our database connector 
require("includes/copta.php"); 

// Grab the data from our people table 
$sql = "select * from people"; 

$result = mysql_query($sql) or die ("Could not access DB: " . mysql_error()); 

$imgLocation = " /uploadfile/"; 

while ($row = mysql_fetch_array($result)) 
{ 
    $imgName = $row["filename"]; 
    $imgPath = $imgLocation . $imgName; 

    echo "<img src=\"call_images.php?imgPath=" . $imgName . "\" alt=\"\"><br/>"; 
    echo $row['id'] . " " . $imgName. "<br />"; 

} 

?> 

call_images.php

<?php 
    // Get our database connector 
require("includes/copta.php"); 

$imgLocation = '/ uploadz/'; 

$sql = "select * from people"; 

$result = mysql_query($sql) or 
    die ("Could not access DB: " . mysql_error()); 

while ($row = mysql_fetch_array($result)) { 

    $imgName = $row["filename"]; 
    $imgPath = $imgLocation . $imgName; 


    // Make sure the file exists 
    if(!file_exists($imgPath) || !is_file($imgPath)) { 
     header('HTTP/1.0 404 Not Found'); 
     die('The file does not exist'); 
    } 

    // Make sure the file is an image 
    $imgData = getimagesize($imgPath); 
    if(!$imgData) { 
     header('HTTP/1.0 403 Forbidden'); 
     die('The file you requested is not an image.'); 
    } 


    // Set the appropriate content-type 
    // and provide the content-length. 

    header("Pragma: public"); 
    header("Expires: 0"); 
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); 

    header("Content-Type: image/jpg"); 
    header("Content-length: " . filesize($imgPath)); 

    // Print the image data 
    readfile($imgPath); 
    exit(); 

} 
?> 

Answer 1

問題是你不解析查詢字符串變量傳遞給call_images.php，而是運行相同的數據庫查詢，這將僅返回數據庫每次返回的第一個映像。這是一個（希望）更正版本。

<?php 
// Get our database connector 
require("includes/copta.php"); 

$imgLocation = '/ uploadz/'; 

$fn = mysql_real_escape_string($_GET['imgPath']); 

$sql = "select filename from people WHERE filename = '{$fn}'"; 

$result = mysql_query($sql) or 
    die ("Could not access DB: " . mysql_error()); 

if (mysql_num_rows($result) == 0) { 
    header('HTTP/1.0 404 Not Found'); 
    die('The file does not exist'); 
} 
$imgName = mysql_result($result, 0, 0); 
$imgPath = $imgLocation . $imgName; 

// Make sure the file exists 
if(!file_exists($imgPath) || !is_file($imgPath)) { 
    header('HTTP/1.0 404 Not Found'); 
    die('The file does not exist'); 
} 

// Make sure the file is an image 
$imgData = getimagesize($imgPath); 
if(!$imgData) { 
    header('HTTP/1.0 403 Forbidden'); 
    die('The file you requested is not an image.'); 
} 


// Set the appropriate content-type 
// and provide the content-length. 

header("Pragma: public"); 
header("Expires: 0"); 
header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); 

header("Content-Type: image/jpg"); 
header("Content-length: " . filesize($imgPath)); 

// Print the image data 
readfile($imgPath); 
exit(); 
?> 

瞭解這些變化是什麼：

• $fn = mysql_real_escape_string($_GET['imgPath']);讓你通過查詢字符串傳遞的變量，然後逃逸，所以我們可以再次通過數據庫運行它。通過這種方式，我們可以確定用戶沒有使用相對路徑來嘗試公開他們不應該訪問的映像（除非您有數據庫記錄;安全性是您所做的）。
• 我完全刪除了循環，沒有必要
• 我用mysql_result()因爲我們只需要一個字段的數據。
• 我建議切換readfile()爲fpassthru()，這需要調用fopen，但不會緩衝內存中文件的內容。