show logo in html without showing url in source

Question

i am trying to display an image in HTML using:

<img src="/logo.php?seq=5" />

then logo.php looks like:

<?php
$sql="SELECT * from reseller where sequence = '".$_GET["seq"]."' ";
$rs=mysql_query($sql,$conn);
$result=mysql_fetch_array($rs);

echo '<img src="http://www.integradigital.co.uk/customer/'.$result["logo"].'" />';
?>

but its not working - whats the best way to do this so the user seeing the image cannot look at the URL of the image. if they open the image in its own window i want them to see something like http://www.domain.com/logo.php?seq=5 ???

Why don't you place a div instead and set logo as background image so that it will not be straight forward URL to show. — Ganesh Pandhere, Sep 18 '13 at 10:39
i thought about that but if the user looks in the CSS it will show the url — charlie, Sep 18 '13 at 10:40
Define "cannot look at the URL." Even if it's referenced in CSS, the user can still look at it if they want to. — David, Sep 18 '13 at 10:40
**Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. — Quentin, Sep 18 '13 at 10:41

Rudolf · Accepted Answer · 2013-09-18T11:13:22.467

2

Use readfile() to read the image in the image.php:

// Read URL from database
$sql    = "SELECT * from reseller where sequence = '" . $_GET["seq"] . "'";
$rs     = mysql_query($sql,$conn);
$result = mysql_fetch_array($rs);

// Generate path
$path = '/customer/' . $result["logo"];

// Set proper headers
$headers = get_headers( $path );

foreach( $headers as $h )
    if( strpos( $h, 'Content-Type:' ) !== false )
        header( $h );

// Send file to user
readfile( $path );

Then PHP reads the right logo and outputs it, the user won't be able to see the real path. You can link the logo like you proposed:

<img src="/logo.php?seq=5" alt="Logo">

edited Sep 18 '13 at 11:13

answered Sep 18 '13 at 10:42

Rudolf

1,807
2
18
31

1

You should also send a proper image header. – John V. Sep 18 '13 at 10:44
so if i use this in image.php or logo.php what do i use in the menu.php file? – charlie Sep 18 '13 at 10:45
1

You can just link it like you proposed: `` – Rudolf Sep 18 '13 at 10:46
im getting text like: ‰PNG IHDRè½6‘tEXtSoftwareAdobe ImageReadyqÉe – charlie Sep 18 '13 at 10:51
1

Try it again with the proper headers I added, that should solve it. – Rudolf Sep 18 '13 at 10:52
Warning: finfo_file() [function.finfo-file]: Failed identify data 0:(null) in /home/reseller/public_html/logo.php on line 13 – charlie Sep 18 '13 at 10:52
im getting these errors when i go to logo.php?seq=5 but on the menu.php page where i have its just showing a blank square - no imagae – charlie Sep 18 '13 at 10:53
Are you sure this is the right absolute path to the file? It might be something like `$_SERVER['DOCUMENT_ROOT'] . '/customers/'` instead. – Rudolf Sep 18 '13 at 10:55
1

I get the feeling they are actually separate sites, and the one that contains the actual images is separate hosting, he might need the full url (which I think `readfile` still supports). – John V. Sep 18 '13 at 10:57
That would indeed be very bad. Are the logos on the same server as your script @charlie? – Rudolf Sep 18 '13 at 10:59
yes they are 2 seperate sites - i have put the $path with the domain at the start – charlie Sep 18 '13 at 11:00
same server - 2 sites – charlie Sep 18 '13 at 11:01
@charlie Then in logo.php you need to use the path to the site that the images are stored on, preferable the full local path. (/home/reseller/public_html/ ?) – John V. Sep 18 '13 at 11:02
1

If they are on the same server, does one site have access to the files of the other? Is open_basedir activated? – Rudolf Sep 18 '13 at 11:03
im not sure - its not my server its with a hosting company – charlie Sep 18 '13 at 11:03
and no the sites dont have access to each other – charlie Sep 18 '13 at 11:07
Look at it now, it fetches the headers from the remote site. – Rudolf Sep 18 '13 at 11:07

show logo in html without showing url in source

1 Answers1