photo album info loaded from php/db

**mtran** · 05-06-2006, 09:30 PM

Hi,

I want to do a photo album: Index page list all thumbs. Click will lead to the larger image with info [date, with...,...] fed from a db.

With HTML: I need to have one html page for one large img, so if I have e.g. 100 thumbs, I need to have 100 html pages!!!

I know with php / mysql I can have only one page for the large img. How do I do it? Could you point me to some tutorial or better yet show me how to do it?

Right now, I have a db for all img: img_id, img_name, img_place, img_category. But have no clue about doing php.
Thanks

**djr33** · 05-06-2006, 09:43 PM

Well... there's a script here on DD that does exactly what you're saying.

However... here's what i'd suggest:

making the index with the thumbnails, in whatever way you want.
Have the images linked to:
http://.../bigimages.php?image=name

Then, on your next page, do something like:

PHP Code:


<?php
$img = $_GET['image'];
echo '<img src="http:/....yourdirectory/'.$img.'.jpg">';
?>

That example would make "name.jpg" appear on your page.

It needs work, but that depends on what you want, exactly.

That's 1 page, rather than 100. Which is nice

And... using a database would be the same idea.
Instead of ?image=name, use ?image=id.

Then on your next php page, get the id ($_GET['image']), and search the database for info about that image, display that, and you're done. Same idea.

**mtran** · 05-09-2006, 05:57 AM

Originally Posted by djr33

And... using a database would be the same idea.
Instead of ?image=name, use ?image=id.

Then on your next php page, get the id ($_GET['image']), and search the database for info about that image, display that, and you're done. Same idea.

Hi,

I'm still struggling with this, not yet have a file that works, and don't want to use the script that we already have in DD for photo album. I prefer your way.

Could you give an example of displaying the big img and e.g. img_place info from db? I'm not clear how things are connected. Thanks.

Ex:

index.php:
<a href="listing_detail.php?image=id"><img src="img/paparazzi_small.jpg" class="thumb"></a>

listing_detail.php file:
<?php
$img = $_GET['image'];
......
?>

mysql db:
1. id
2. bigImg_name
3. bigImg_place

How do I connect everything to img id?

Thanks a lot!

**djr33** · 05-09-2006, 07:06 AM

Look into mysql.
http://www.php-mysql-tutorial.com/
Great tutorial, I say.

basically, you just need to get the info (as shown very clearly there) and display where you want. ...like:

PHP Code:


echo $variable;

Your id, bigImg_name, etc etc aren't important. They will just be things in the database you will get with the rest of the data.

The tutorial should give you lots of (easy) info.

**mtran** · 05-09-2006, 07:31 AM

I've just found out a way to do:
In the index that lists thumbnails:I put e.g.:
<a href="listing_detail.php?id=23"><img src="img/paparazzi_small.jpg"></a>

and then in the listing_detail.php: I put:

$id = $_GET['id'];
$query="SELECT * FROM movie WHERE id='$id' ";
......

Is it the right way, and good way to do?Is it the same as what you showed me?

**djr33** · 05-09-2006, 07:16 PM

Yes. This is exactly what I was talking about. It'll work well

**Twey** · 05-09-2006, 07:46 PM

Is it the right way, and good way to do?

I haven't followed this thread, but that snippet of code, without relation to anything else, has one major problem. It's vulnerable to SQL injection attacks.
Say, for example, someone went to listing_detail.php?id=%3D%27%3Bdrop%20database%20dbname%3Bselect%20*%20from%20movie%20where%20id%3D%27

The query would become:

Code:

$query="SELECT * FROM movie WHERE id='';drop database dbname;select * from movie where id=''";

... which, unless you'd set up the permissions properly (which most people don't bother with), would spell doom for your database.
The solution is:

Code:

$id = mysql_real_escape_string($_GET['id']);

That must be called after mysql_connect().

**djr33** · 05-09-2006, 07:57 PM

For security, Twey is right. Don't think your script is wrong though... just that it isn't (now is, if you use his suggestion) secure.

**mtran** · 05-09-2006, 08:30 PM

Thanks Djr33 & Twey for your timely & knowledgeable help to all of my questions so far! Truly appreciated!!!

the SQL injection that Twey was talking about, is it able to delete my whole db?
Are there any more major security issues that php beginners like me should pay close attention to? Tks