Errors:
imagepng(): supplied argument is not a valid Image resource in /home/publicr/public_html/dynsigs/anything.php on line 29
Warning: imagedestroy(): supplied argument is not a valid Image resource in /home/publicr/public_html/dynsigs/anything.php on line 29

PHP:

<php><?PHP
function sql_sanitize( $sCode ) {

       if ( function_exists( "mysql_real_escape_string" ) ) { // If PHP version > 4.3.0
               $sCode = mysql_real_escape_string( $sCode ); // Escape the MySQL string.
       } else { // If PHP version < 4.3.0
               $sCode = addslashes( $sCode ); // Precede sensitive characters with a slash \
       }
       return $sCode; // Return the sanitized code
$dbhost = 'xxx'; $dbuser = 'xxx'; $dbpass = 'xxxx'; $dbname = 'xxxx'; if (isset($_GET['user'])) { $username = sql_sanitize($_GET['user']); } else { die("no charname given"); } $serverdesc = 'Majuzza Gaming: Roleplay Character Statistics'; $pathtoimg = 'stats_img.png';

//Connect to the database $conn = mysql_connect("$dbhost","$dbuser","$dbpass"); $db = mysql_select_db("$dbname"); $conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql'); mysql_select_db($dbname);



//Pull the info from the row with $username as their name $query = "SELECT * FROM users WHERE username = '$username'"; $result = mysql_query($query); while($row = mysql_fetch_assoc($result)) {

   extract($row);
}

// Let's do a function, shall we? =D // Let's see if they are online and assign a variable if ($online == '0') { $reallyonline = 'Offline';	 } else { $reallyonline = 'Online';	 }


//Set up the image and font style(s) and color(s) Header ("Content-type: image/png"); $img_handle = imageCreateFromPNG("$pathtoimg"); $color = ImageColorAllocate ($img_handle, 0, 0, 0);


// Show your server's info, w00t! =D ImageString ($img_handle, 2, 25, 7, "$serverdesc", $color); //Show Players IGN and level ImageString ($img_handle, 3, 70, 23, "$name ($reallyonline)", $color); ImageString ($img_handle, 3, 70, 35, "Hours Played:", $color); ImageString ($img_handle, 2, 115, 35, "$hoursplayed", $color); // Show HP ImageString ($img_handle, 3, 70, 47, "Admin Level:", $color); ImageString ($img_handle, 2, 93, 47, "$adminlevel", $color); // Show Gold ImageString ($img_handle, 3, 70, 71, "Cash:", $color); ImageString ($img_handle, 2, 108, 71, "$money", $color);

ImagePng ($img_handle); ImageDestroy ($img_handle); //Close the Database connection just in case it didn't do it already mysql_close($conn);

?></php>

What is wrong?? :(.

The .png is in the same folder, and so is .htaccess, which is:

RewriteRule ^/([a-z]+)\.png$ /anything.php?user=$1

^ Webhost told me i dont need <PHP> tags in .htacess

Where is your $img_handle value ?

Member Avatar

this is a "cleaned" copy of your code. No code is run following 'return'. Why are there standalones after the function?

<?php
function sql_sanitize( $sCode ) {
	if ( function_exists( "mysql_real_escape_string" ) ) { // If PHP version > 4.3.0
		$sCode = mysql_real_escape_string( $sCode ); // Escape the MySQL string.
	} else { // If PHP version < 4.3.0
		$sCode = addslashes( $sCode ); // Precede sensitive characters with a slash \
	}
	return $sCode; // Return the sanitized code
	
	$dbhost = 'xxx'; $dbuser = 'xxx'; $dbpass = 'xxxx'; $dbname = 'xxxx'; 
	if (isset($_GET['user'])) { 
		$username = sql_sanitize($_GET['user']); 
	} else { 
		die("no charname given"); 
	} 
	$serverdesc = 'Majuzza Gaming: Roleplay Character Statistics'; 
	$pathtoimg = 'stats_img.png';
	extract($row);
}

ImagePng ($img_handle);
ImageDestroy ($img_handle); //Close the Database connection just in case it didn't do it already mysql_close($conn);
 
?>

Hi thanks ardav but that code didn't work, you deleted lots of the code it needed.

I re-added some of the code to yours but then i got these errors:

Warning: imagestring(): supplied argument is not a valid Image resource in

For this code:

ImageString ($img_handle, 2, 25, 7, "$serverdesc", $color);

I just followed an online tutorial to help me make dynamic signatures, and it will display fields in the MySQL database where the username is index.php?user=USERNAME, and it will display like my level, money etc on the picture.


Tutorial link: http://www.vbgore.com/Dynamic_Signature


I hope someone can help!

Member Avatar

I thought I just took out the comments. ANyway - this is wierd:

function sql_sanitize( $sCode ) {
 
       if ( function_exists( "mysql_real_escape_string" ) ) { // If PHP version > 4.3.0
               $sCode = mysql_real_escape_string( $sCode ); // Escape the MySQL string.
       } else { // If PHP version < 4.3.0
               $sCode = addslashes( $sCode ); // Precede sensitive characters with a slash \
       }
       return $sCode; // Return the sanitized code

see that

return $sCode

line? That halts all code execution after that point in the function

Oh, if you read my PM i want it, so if i type in http://website.com/index.php?='USERNAME', it will get the fields from 'USERNAME', but i want it so you cannot mySQL inject it.

Do you understand?? :(.

Member Avatar

I don't respond to PMs. All issues regarding a thread should be in the thread.

You include the function and two calls to other functions in your first post. You don't call sql_sanitize() anywhere other than within the function itself. SO the DB details are never initialized and there is no extract.

ImagePng ($img_handle); ImageDestroy ($img_handle);

I don't understand what these are supposed to do when $img_handle doesn't exists (AFAIK).

Can you help me or tell me what to do? I don't want explinations because i don't UNDERSTAND ANY of it!

Please, can you just help me....

Can you help me or tell me what to do? I don't want explinations because i don't UNDERSTAND ANY of it!

Please, can you just help me....

The forums are for helping you work out your programming problems. They aren't a "code on demand" service.

If you aren't willing to put any effort into it, post in the Web Development Jobs sections and pay someone to write it for you.

commented: Nicely put +13