开发者

phpthumb access images from multiple tables in db

开发者 https://www.devze.com 2023-01-31 00:00 出处:网络
I am able to retrieve images from a single table without problem, but I\'m not sure how it can work if I have images in different tables.

I am able to retrieve images from a single table without problem, but I'm not sure how it can work if I have images in different tables. Say I have two tables (images and category) which can contain images

    images          category
    -gallery_id     -cat_id
    -image_id       -image
    -image          

So I figure I can pass another parameter in the query string to specify which table

if(mysql_escape_string(@$_GET['type']) === 'icon')
   $PHPTHUMB_CONFIG['mysql_query'] = 'SELECT `image` FROM `category` WHERE (`cat_id` = \''.mysql_escape_string(@$_GET['id']).'\')';
else
   $PHPTHUMB_CONFIG['mysql_query'] = 'SELECT `image` FROM `images` WHERE (`image_id` = \''.mysql_escape_string(@$_GET['id']).'\')';

This one works fine

foreach($database->images->gallery_id($gal_id) as $v)
{
   $img = "<img src=\"/test/include/phpThumb_1.7.9/phpThumb.php?w=150&id={$v->image_id}\" />";
   echo "<li>{$img}</li>";
}

This fails with 'Forbidden parameter: type'

echo "<img src=\"/test/include/phpThumb_1.7.9/phpThumb.php?w=150&type=icon&id={$database->category($v->cat_id)->cat_id}\" />";

I was searching through the code but don't see anywhere that sets which parameters are 'allowed'.

So my questions are: Is this a good way to get images from multiple tables? If yes, how can I allow the 'type' parameter? I guess I could just put all images in one table but it d开发者_如何学编程oesn't seem like a good idea to me...

ps I posted this on the phpthumb support forum but didn't get any response, so I'm trying here. Haven't had much time to look into it since, hopefully I can make more time this weekend.

I'm using crdb for the $database object if anyone was wondering.


Shit, I feel stupid now

in phpThumb.php there is (on line 232) the $allowedGETparameters variable

$allowedGETparameters = array('type', 'src', 'new', 'w', 'h', 'wp', 'hp', 'wl', 'hl', 'ws', 'hs', 'f', 'q', 'sx', 'sy', 'sw', 'sh', 'zc', 'bc', 'bg', 'bgt', 'fltr', 'xto', 'ra', 'ar', 'aoe', 'far', 'iar', 'maxb', 'down', 'phpThumbDebug', 'hash', 'md5s', 'sfn', 'dpi', 'sia', 'nocache');

Can't believe I missed that, I must've checked every file except that one

0

精彩评论

暂无评论...
验证码 换一张
取 消