How to randomly retrieve images from my mysql database?

星月不相逢 2021-01-25 21:42

Okay, so I've made one PHP file to output the images. This is the sample code for the output page:

mysql_connect (" "," "," ") or die(mysql_error()); mysql_select_

3 Answers
  • 2021-01-25 21:58

    Cleaning up:

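    // Note: the mysql_* extension was removed in PHP 7; this runs on PHP 5 only.
    $result = mysql_query("SELECT * FROM store ORDER BY RAND()");
    
    // Emit one <img> tag per row; each tag triggers a separate request to get.php.
    while($row = mysql_fetch_assoc($result)){       
        // Quote the array key: a bare id is treated as an undefined constant.
        echo '<img src="get.php?id='.$row['id'].'" />';
    }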
    

    You can also echo mysql_error(); to see if there are any errors in your mysql statements.

    You should also use mysql_real_escape_string() instead of addslashes().

    Or consider PDO for an even more secure solution.

    To debug, go to get.php?id=1. If you see an image, get.php is working and the main file is not.

    Have you made sure that get.php connects to the database as well as the main file?

    0 Discussion (0)
  • 2021-01-25 22:02

    There are some illogical things in this script.

    1. You select EVERYTHING from store (* equals all fields). This is very, very expensive. If you want to use this you should use SELECT COUNT(id) FROM store.

    2. You use the count, to LIMIT. But the limit will always be the same as the amount of rows. Which makes LIMIT irrelevant?

    3. You should not use addslashes for escaping your values. Use mysql_real_escape_string instead. Check it out here.

    I am not sure what values are in your database, perhaps you could post some? Perhaps you need to perform strip slashes, since you probably save values with slashes in your database?

    0 Discussion (0)
  • 2021-01-25 22:08

    All I'm getting are a series of torn page icons on the output page.

    In fact, you create a kind of "denial of service" attack against your site, making it run dozens of PHP scripts and open dozens of SQL connections per single page request. No wonder your server is being overloaded by such a flood and shows no pictures.

    Also note that your code is suffering from SQL injection.
    Either change addslashes to intval() or add quotes around $id in the query (otherwise escaping will make no sense).

    0 Discussion (0)
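The third answer's point about `addslashes()` on an unquoted `$id`, together with the first answer's PDO suggestion, as an added example that is not code from the thread. Assumptions: `store.id` is an integer, the `image` column name is hypothetical, the unquoted query shape is inferred from the third answer (the question's code is cut off on this page), and an in-memory SQLite database (needs the `pdo_sqlite` extension) stands in for MySQL so the script runs offline.

```php
<?php
// Added example (not from the thread). SQLite in memory stands in for MySQL so
// this runs offline; the rows and the request values are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE store (id INTEGER PRIMARY KEY, image BLOB)'); // `image` is hypothetical
$pdo->exec("INSERT INTO store (id, image) VALUES (1, 'a'), (2, 'b'), (3, 'c')");

// Before: addslashes() with no quotes around the value in the SQL text.
// addslashes() only touches quotes, backslashes and NUL bytes, so a value
// without those characters is concatenated into the statement unchanged.
function lookup_addslashes(PDO $pdo, string $id): array
{
    $sql = 'SELECT id FROM store WHERE id = ' . addslashes($id);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Fix from the third answer: intval() forces the value to an integer.
function lookup_intval(PDO $pdo, string $id): array
{
    $sql = 'SELECT id FROM store WHERE id = ' . intval($id);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Fix from the first answer: PDO. Reject anything that is not an integer,
// then bind it as a parameter so it never becomes part of the SQL text.
function lookup_prepared(PDO $pdo, string $id): array
{
    $n = filter_var($id, FILTER_VALIDATE_INT);
    if ($n === false) {
        return []; // get.php would answer 400 Bad Request here
    }
    $stmt = $pdo->prepare('SELECT id FROM store WHERE id = :id');
    $stmt->bindValue(':id', $n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

foreach (['2', '1 OR 1=1'] as $id) { // constructed values of get.php?id=...
    printf(
        "id=%-10s addslashes: %d row(s)  intval: %d row(s)  prepared: %d row(s)\n",
        var_export($id, true),
        count(lookup_addslashes($pdo, $id)),
        count(lookup_intval($pdo, $id)),
        count(lookup_prepared($pdo, $id))
    );
}
```

Comparing the row counts for the two constructed values shows which lookups let the request value change the query and which do not.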