{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Bombasti 的问题《How to randomly retrieve images from my mysql data》','https://www.manongdao.com/q-447756.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Okay, so I've made one php file to output the images this is the sample code for the output page:
mysql_connect (" "," "," ") or die(mysql_error()); mysql_select_db (" ") or die(mysql_error());
$query = mysql_query("SELECT * FROM store");
$number=mysql_num_rows($query);
$result = mysql_query ("SELECT * FROM store ORDER BY RAND() LIMIT $number");
while ($row = mysql_fetch_assoc($result))
{
echo '<img src=get.php?id=$row["id"]>';
}
The get.php that the img tag is referring to has this code:
mysql_connect (" "," "," ") or die(mysql_error()); mysql_select_db (" ") or die(mysql_error());
$id = addslashes ($_REQUEST['id']);
$query = mysql_query("SELECT * FROM store WHERE id= $id ");
$row = mysql_fetch_array($query);
$content = $row['image'];
header('Content-type: image/jpg');
echo $content;
All I'm getting are a series of torn page icons on the output page. I could have made a very simple mistake seeing as how I am still learning php. Thanks in advance.
In fact, you create kind of "denial of service" attack against your site, mking it run dozens PHP scripts and opening dozens sql connections per single page request. No wonder yor server being overloaded with such a flood and shows no pictures.
Also note that your code suffering from SQL injection.
Either change addslashes to
intval()or add quotes around $id in the query (otherwise escaping will make no sense)There are some illogical things in this script.
You select EVERYTHING from store (* equals all fields). This is very, very expensive. If you want to use this you should use SELECT COUNT(id) FROM store.
You use the count, to LIMIT. But the limit will always be the same as the amount of rows. Which makes LIMIT irrelevant?
You should not use addslashes for escaping your values. Use mysql_real_escape_string instead. Check it out here.
I am not sure what values are in your database, perhaps you could post some? Perhaps you need to perform strip slashes, since you probably save values with slashes in your database?
Cleaning up:
You can also
echo mysql_error();to see if there are any errors in your mysql statements.You should also use mysql_real_escape_string() instead of addslashes()
Or consider PDO for an even more secure solution.
To debug, go to get.php?id=1. If you see an image get.php is working and the main file is not.Have you made sure that get.php connects to the database as well as the main file?