I am attempting to download images saved in a url to a local folder, and have made the following attempt at doing so with curl. I would like to know if it is necessary to include curl or download it seperateley, or if my function will just work. I would like to know if there are any obvious problems with my implementation below. I am aware of the sql vulnerability and I am switching to prepared statements. I have trimmed non relevant parts of the code for brevity.
edit: the function is out of the while loop. The page displays if I comment out the call the the function, otherwise I only get a blank page. Why is this
<?php
header("Content-Type: text/html; charset=utf-8");
if (isset($_GET["cmd"]))
$cmd = $_GET["cmd"];
else
die("You should have a 'cmd' parameter in your URL");
$pk = $_GET["pk"];
$con = mysql_connect("localhost","someuser","notreal");
if(!$con)
{
die('Connection failed because of' .mysql_error());
}
mysql_query('SET NAMES utf8');
mysql_select_db("somedb",$con);
if($cmd=="GetAuctionData")
{
$sql="SELECT * FROM AUCTIONS WHERE ARTICLE_NO ='$pk'";
$sql2="SELECT ARTICLE_DESC FROM AUCTIONS WHERE ARTICLE_NO ='$pk'";
$htmlset = mysql_query($sql2);
$row2 = mysql_fetch_array($htmlset);
$result = mysql_query($sql);
function savePicture($imageUrl) {
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $lastImg);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 0);
$fileContents = curl_exec($ch);
curl_close($ch);
$newImg = imagecreatefromstring($fileContents);
return imagejpeg($newImg, "./{$pk}.jpg",100);
}
while ($row = mysql_fetch_array($result))
{
$lastImg = $row['PIC_URL'];
savePicture($lastImg);
<div id='rightlayer'>
<img src='./".$pk.".jpg' width='".$outputWidth."' height='".$outputHeight."'>
</div>
</div>
</div>";
}
}
mysql_free_result($result);