I have to store complete Word Document(.docx) file into MySql database by using Php code.
ITs a good Idea t store files in database for security BUT
i have script that do just that but when i download a file they are unreadable for example if i download a winrar i get the corupted file by wirar
let’s make it work for both of us
upload.php
[php]
File $fileName uploaded
"; } } ?>
download.php
[php]
$query = “SELECT id, name FROM files”;
$result = mysql_query($query) or die(‘Error, query failed’);
if(mysql_num_rows($result) == 0)
{
echo "Database is empty
";
}
else
{
while(list($id, $name) = mysql_fetch_array($result))
{
echo "<a href='download.php?id={$id}'>$name</a><br>";
}
}
echo $id;
if(isset($_GET[‘id’]))
{
$id= $_GET[‘id’];
$query = “SELECT name, type, size, content FROM files WHERE ID = ‘$id’”;
$result = mysql_query($query) or die(‘Error, query failed’);
list($name, $type, $size, $content) = mysql_fetch_array($result);
// header(“Content-length: $size”);
// header(“Content-type: $type”);
// header(“Content-Disposition: attachment; filename=$name”);
//===============================
header(“Pragma: public”); // required
header(“Expires: 0”);
header(“Cache-Control: must-revalidate, post-check=0, pre-check=0”);
header(“Cache-Control: private”,false); // required for certain browsers
header(“Content-Type: $type”);
header(“Content-Disposition: attachment; filename=$name”);
header(“Content-Transfer-Encoding: binary”);
header("Content-Length: ".$size);
echo $content;
mysql_close($conn);
exit;
}
?>
[/php]I have looked over this script over and over and irs works fine but lol the files are not usable after u download them
I know what is wrong but I do not know how to fix it
I uploaded a text files contain plain text “this is just a test!!!”
when i downloaded, the file contains is the following
<html>
<head>
<title>Download File From MySQL</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<a href='download.php?id=1'>GPU_Rebate.pdf</a><br><a href='download.php?id=2'>GPU_Rebate.pdf</a><br><a href='download.php?id=3'>PSU_Rebate.pdf</a><br><a href='download.php?id=4'>Rebates.zip</a><br><a href='download.php?id=5'>Rebates.zip</a><br><a href='download.php?id=6'>IMAG0156.jpg</a><br><a href='download.php?id=7'>Auto Typer.exe</a><br><a href='download.php?id=8'>Auto Typer.vshost.exe.manifest</a><br><a href='download.php?id=9'>Auto Typer.vshost.exe</a><br><a href='download.php?id=10'>Auto Typer.vshost.exe.manifest</a><br><a href='download.php?id=11'>klktudice.kdbx</a><br><a href='download.php?id=12'>IMAG0158.jpg</a><br><a href='download.php?id=13'>Settings.txt</a><br><a href='download.php?id=14'>help to remember forgotten password.txt</a><br><a href='download.php?id=15'>we3r4.txt</a><br>this is just a test!!!!!!!!and i add the end “this is just a test!!!”
Tossing in further info…
If you load a file into a variable, it is loaded with all kinds of issues. It could contain code that when
retrieved could activate and run a malicious program. So, if someone is loading and storing a word doc,
make sure it is virus checked after it is retrieved. Or, at the least, make sure you tell the retrieving user
that THEY should virus check it.
Also, when up load a file into a variable to store in a database, you should do so as a binary format.
In this way you can retrieve as a binary format and then save it in it’s original format. If you try to use
other encoding to add or removing formatting, it will never be the same file. It must be done in binary
to make sure that nothing has been altered.
Hope that makes sense… Good luck and let us know either way if it is solved…
ErnieAlex ,
I understand the virus checking thing , for now i don’t need it is for personal use and not on a public site
can you look at the code that i posted and see if there anything wrong on how i store and send the headers?
Well, there is no need what so ever for using headers… If you use headers, you end up needing to set it up
exactly correct and would run into problems with different types of files or revisions inside the headers.
In my humble opinion, you should just upload the file which places it in a temp file and then move it to a folder.
Once there, you can load that directly into a variable and then store it into the database. Doing this way, the
code doesn’t care what is inside the file, it just gets it as binary data and you can store it as a “blob”. In this
way, the file should be as-is. No changes to headers or anything…
Of course, this really depends on what you want to do with it once it is inside the database. Were you using
this as a backup system? Backing up Doc’s to the database? Normally, this would be done with just saving
the uploaded files in a hidden folder and saving the location and name in the database. Saving docs inside of
a database can cause a large database and is time consuming retrieving them. If you really want them in the
database for security, you do it the way I mentioned.
I think you have the uploading figured out. Just use the “move_uploaded_file()” function to move it from the
temp folder a live folder. (Temporarily as you will delete it once it is in the database.) And, then load the live
file into a variable. Here is how I do it:
[php]
$myFile = “SomeFolderName/Filename1.docx”;
$file_header = fopen($myFile, ‘rb’);
$file_data = fread($file_header, filesize($myFile));
fclose($file_header);
[/php]
So, this routine will load the file in binary format. You can then, just write it to your database.
There are sometimes issues with packet size as the entire file will display in the query when you write
to the database. So, you may have to alter your query to handle this. But, something like this should
work…
Hello ErniexAlex,
[ol][li]I upload file to the server[/li]
[li]read the content into a variable[/li]
[li]insert the file’s content into database[/li]
[li]if query succeed I delete the file from server[/li][/ol]
you can see the live version at
http://wilson382.info/pages/files/download.php
this is the code for upload
[php]
[/php]
but that still don’t work i’m getting the same exact result as without uploading to the server. maybe the error is on my download file?
Okay, well, first you should debug some of the obvious possible issues. I would start by making sure the file was uploaded correctly. So, just before this line:
if (move_uploaded_file($tmpName,$upload_dir))
Add these lines:
[php]
echo $tmpName . “
” . $upload_dir;
die();
[/php]
What this will do is show you the temporary name which should be some random chars and the actual
upload dir. The upload dir should be the upload FOLDER and the upload FILENAME. It should be something
like SOMEFOLDER\FILENAME1.DOCX or whatever… Once you verify that both of these are correct, we
can move on to other debugging. But, this is where you should start. Once a file is uploaded, it is inside the
server’s temp folder under a name that the PHP system creates. You have to move that file to the file resting
place and rename the filename to whatever you want it to be. If you just want a copy of it without renaming,
that is okay and just use the $_FILES[‘name’] as the ending part of your $upload_dir …
Hope that makes sense. Test this and let us know what you get for an output…
i tried a file named remember.txt and i got the following
/tmp/phpDUXiEm
upload/remember.txtwhich seen correct
Okay, that is working correctly. The /tmp/phpDUXiEm is the temporary file that is used when you “POST” your form to the PHP file. PHP uses the server’s “tmp” folder and makes up a temporary file name that starts with “php” and does not contain an extension. All is 100% correct there.
The folder name upload/remember.txt is correct, too.
I tested the link you posted. I downloaded your test.txt file and renamed it to test222.file and uploaded it and all is well. So, all of your downloading, uploading and upload-folder display is all working well.
So, I am assuming that it is just the database storage that is causing you an issue. Correct?
I looked at your code and see two issues… First, this line:
$file_data = mysql_real_escape_string($file_data) or die("unable to add slahshes");should not be used. It will alter the data of the live file. The file will be changed and encoding inside of the file will damage it. You must remember that a file loaded as binary should be an image of the file. This image will contain whatever the data uses as encoding. So, if it is a .docx file, there are TONS of encoded items such as font's, letter style's, html, paragraph encoding and thousands of other special items. Each have their own encoding formats. If you remove a slash or other "escape_string", you will damage the format of the entire file. Not to mention it will alter the CRC value and your file will no longer work at all. So you should remove this line!
Lastly, you do not have any type of real error display for your query. If the query fails, it does not explain
the error. You can fix this in this manner… Change this section:
$q = "INSERT INTO files (name,type,size,content) VALUES "; $q .= "('$fileName','$fileType','$fileSize','$file_data')"; $result = mysql_query ($q) or die(mysql_query());To something like this: [php] $q = "INSERT INTO files (name,type,size,content) VALUES "; $q .= "('$fileName','$fileType','$fileSize','$file_data')"; $result = mysql_query ($q); if (mysql_errno()) echo "MySQL error ".mysql_errno().": ".mysql_error()."
When executing:
$q
"; [/php] What this does is execute the query and if an error exists, it displays the MySQL error number and the full error message. If the INSERT fails, it should show you what is failing not just that it did fail... And, one final thought, you can not INSERT into the database if the record is already in the database. You should check your database to see if there are entries already entered for the one you are INSERTing. This would be done by running another query first and checking for the filename. If it returns a row of data for the filename, then, you should mention this to the user so they do not overwrite the original file. You could just ask the user to rename the file. I would add a section to your test page where it shows the uploaded files and run a query on your database to pull all of the file stored in it and list them as "uploaded files stored in database", maybe in a second column so you could compare them to the uploaded folder versions...
Well, hope all this helps. Let us know what is not working and we can help you finish it up.
Looks like you are close…
Hi thank you for repplying,
i started this project for almost a year and i struggled too much to make it work that gave up on it one day and because the thread started posted this i remembered about this project
$file_data = mysql_real_escape_string($file_data) or die("unable to add slahshes");
I added this intentionally because the query fail if it contains characters not supported
i removed as you said, now anything that is a non txt file will fail in the query. should i add addslashes?
about the overwrite in database it will not overwrite i have primary key ID AUTO INCREMENT, but i will consider doing that later i want to make it work for now.
Im more than sure that the problem is not the upload but the download. take a look at the download script on my previous post. because look if i insert a txt file containing inside “Hello world” when i downloaded it contains "
Download File From MySQL Go to Upload Page!Assignment01.doc
Assignment02.doc
remember.txt
Settings.txt
test.txt
Hello world"
as you can see hello world text is still there but appended to the end. Now if on my upload script i echo the content of txt file i will get the right content “Hello world”. that is why i think the problem is on my download script.
also those HTML code that comes with the file is the same as the HTML Source code of the download script
You can not add slashes or remove them if you are reading the file in binary. It must be un-touched! Or, it will not be the same file and all will break.
You said you are getting query errors if you do not use the slashes. What exact errors are you getting?
Did you replace your version with mine to display the true error messages?
Also, make sure you are showing ALL error messages.
Let me know the real error message and error number and we can figure it out…
Hi Erniex,
Yea i replaced my query with yours
the following error ocurred when i tried upload helloworld.docx
MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '½ÒnV²ÉK~ϲ„Â)a¼ƒ’m ±Ñðúj0ÙHu»T²9bxà<É9X‘ ÀQ¥òÑ ¤×8ãAÈO1~ÛëÝqé‚Ãk6When executing: INSERT INTO files (name,type,size,content) VALUES ('Hello World.docx','application/vnd.openxmlformats-officedocument.wordprocessingml.document','9940','PK!Ýü•7f [Content_Types].xml ¢( ´TËnÂ0¼Wê?D¾V‰¡‡ªªú8¶H¥`ì XõKöòúûnDUA*å)YïÌììăÑÚšl 1iïJÖ/z,'½ÒnV²ÉK~ϲ„Â)a¼ƒ’m ±Ñðúj0ÙHu»T²9bxà<É9X‘ ÀQ¥òÑ ¤×8ãAÈO1~ÛëÝqé‚Ãk6$N{9›êÍ+P9Y ¢†vuÇGaD²ìÃï»ÆoR€”wàͳ¶a ÌIÊŠ~‰‰˜8›ïWòZè“"V0}¿˜ûßÀ»„´ù“>þÁŒýuQwHoî·áÿÿPK!‘·óN_rels/.rels ¢( Œ’ÛJA†ïßaÈ}7Û "ÒÙÞH¡w"ë„™ìw̤ھ½£ ºPÛ^æôçËOÖ›ƒ›Ô;§<¯aYÕ Ø›`Gßkxm·‹aPYÈ[š‚g GΰinoÖ/<‘”¡<Œ1«¢â³†A$>"f3°£\…ȾTºI S‘ÌeõŒ«º¾ÇôWš™¦ÚY igï@µÇX6_Ö]7~ fïØˉÈaaoÙ.b*lIÆrj)õ,l0Ï%‘b¬ 6ài¢ÕõDÿ_‹Ž…, ¡ ‰Ïó|uœZ^tÙ¢yǯ;!Y,}{ûCƒ³/h>ÿÿPK!Öd³Qú1word/_rels/document.xml.rels ¢( ¬’ÍjÃ0„ï…¾ƒØ{-;ý¡„ȹ”@®ûŠ½þ¡²$´›¶~û CR‡÷â‹`Fhæ“´›íwoÄ'êœU%)´¥«:Û(x/vwÏ ˆµ´qH°Íoo6¯h4ÇCÔvžDL±¤ eök)©l±×”86îÔ.ôš£ôºüÐ ÊUš>É0Í€ü"Sì+a_݃(›ÿÏvuÝ•øâÊc–¯TÈ/<¼!s¼ÅXd3‰´ ¯ƒ¬–¡?'g![a?óü4ê¹úÇ%ë9Žþ¶RŽk6Çð°$Cí,ú`&gë!/=ÿÿÿPK!ÔüY!%pword/document.xmlÄTMÓ0½#ñ"ßÛ¤a[VѦ+¤R¸€ªÝEœ]ÇI¶Ç²Ý†òë;tÙÕªÚ—8žñ¼÷æþ¹ý¥dräÖ Ð%YÌ3’pÍ º)É·‡íìš$ÎS]Q š—äĹ]¿}sÓ°ƒâÚ'¡]qDoë½)ÒÔ±–+êæ`¸Fg VQ[Û¤ŠÚŸa3c õb/¤ð§4ϲ` $a«‹b¦³à ö!¤€ºŒËa/áí#7ƒäȘZ.Qh× ãF4õZ4L±AŽ/%qTr<×™KØ*K;쇒½ìle,0îZ7½sB\d/qSÄ%sŽJz‚ ÓñOÿ§æͱyiϨ¿‰`-Ö8K{¨Na5IWà,Vw%ɲ›Å"ß’Ñ´ÃFg8)ù&[NÆ ¯éAú§žÝ™)"ïlX~0„;RY†£Ë-IƒÕöN»í Ž Q’a¡¸K¾ò.¹E1Õ®h?h÷¼‡¹§\įû=/W4Xq5;ˆ¹?Jô?Ëë ¿þÌ¥„ä;XYÙ¾¿&ÈsœùÕ_ع{:;pLsŠÔá;”çWøa¹ñyÿ±†¦ùBa¼7‹«þˆM‹HãvÞ^âq/y}æm98ÎÑû<Â×8Ó¶9ø¸èÈ0ÎP†³B¢ |÷>YQ¡G ÍwÂ3Tùn½Xž¾±:ýT£m|*×ÿÿPK!–µâ–Peword/theme/theme1.xmlìYOoÛ6¿Øw toc'vauŠØ±›-MeÄn‡i‰–ØP¢@ÒI}eÚã€Ãºa‡Øm‡a[Ø¥û4Ù:lЯ°GR’ÅX^’6ØŠ>$ùãûÿ©«×îÇ!)OÚ^ýrÍC$ñy@“°íÝö/yH*œ˜ñ„´½)‘Þµ÷ß»Š×UDb‚`}"×qÛ‹”J×—–¤ÃX^æ)I`nÌEŒ¼Šp)øèÆli¹V[]Š1M<”àÈÞ©OÐP“ô6râ=¯‰’zÀgb Ig…ÁauSÙebÖö€OÀ†ä¾òÃRÁDÛ«™Ÿ·´qu ¯g‹˜Z°¶´®o~ÙºlAp°lxŠpT0÷e+[}`j×ëõº½zAϰV–2ÍFÞÉi–@öqžv·Ö¬5\|‰þÊœÌN§Óle²X¢desøµÚjcsÙÁeÅ7çðÎf·»êà ÈâWçðý+Õ†‹7 ˆÑä`ÚïgÔȘ³íJøÀ×j|†‚h(¢K³óD-Šµß㢠dXÑ©iJÆ؇(îâx$(Öð:Á¥;ä˹!ÍI_ÐTµ½S1£÷êù÷¯ž?EÇž?øéøáÃãa?ZBΪmœ„åU/¿ýìÏÇ£?ž~óòÑÕxYÆÿúÃ'¿üüy5Òg&΋/ŸüöìÉ‹¯>ýý»GðMGeøÆD¢›äíó3Vq%'#q¾ÃÓòŠÍ$”8ÁšKýžŠôÍ)f™w9:ĵàå£ x}rÏx‰‰¢œw¢ØîrÎ:\TZaGó*™y8IÂjæbRÆíc|XÅ»‹Ç¿½I u3KGñnD1÷NIBÒsü€ íîRêØu—ú‚K>Vè.EL+M2¤#'šf‹¶i~™Véþvl³{au8«Òz‹ºHÈ Ì*„æ˜ñ:ž(W‘☕ ~«¨JÈÁTøe\O*ðtHG½€HYµæ–}KNßÁP±*ݾ˦±‹ŠTѼ9/#·øA7ÂqZ…Ð$*c?a¢íqUßån†èwðNºû%Ž»O¯·ièˆ4=3Ú—Pª ÓäïÊ1£Pm\\9†øâëÇ‘õ¶âMØ“ª2aûDù]„;Yt»\ôí¯¹[x’ìóùç]É}Wr½ÿ|É]”Ïg-´³Ú eW÷ ¶)6-r¼°CSÆjÊÈ išd ûDЇA½ÎœIqbJ#xÌ꺃6kàê#ª¢A„Sh°ëž&ÊŒt(QÊ%ìÌp%m‡&]ÙcaSl=XíòÀ¯èáü\P1»MhŸ9£Mà¬ÌV®dDAí×aV×B™[݈fJÃP|8¯Ö„AÛV^…ó¹f aÌH ín÷ÞÜ-Æé"á€d>ÒzÏû¨nœ”ÇŠ¹ €Ø©ð‘>äbµ·–&ûÜÎâ¤2»Æv¹÷ÞÄKyϼ¤óöD:²¤œœ,AGm¯Õ\nzÈÇiÛeÙã¼.uχYC¾6ìOMf“å3o¶rÅÜ$¨Ã5…µûœÂNH…T[XF64ÌT,Ñœ¬üËM0ëE)`#ý5¤XYƒ`øפ;º®%ã1ñUÙÙ¥m;ûš•R>QD¢àØDìcp¿UÐ' ®&LEÐ/p¦m¦Üâœ%]ùöÊàì8fi„³r«S4Ïd7y\È`ÞJân•²eåίŠIùR¥Æÿ3Uô~7+ö€×¸#¯mq¨BiDý¾€ÆÁÔˆ¸‹…i*¸L6ÿ9ÔÿmÎY&áÀ§öiˆ…ýHE‚=(K&úN!VÏö.K’e„LD•Ä•©{D e긪÷vEꦚdeÀàNÆŸûžeÐ(ÔMN9ßœRì½6aþéÎÇ&3(åÖaÓÐäö/D¬ØUíz³<ß{ËŠè‰Y›Õȳ˜•¶‚V–ö¯)Â9·Z[±æ4^næÂç5†Á¢!Já¾aé?°ÿQá3ûeBo¨C¾µÁ‡M¢ú’m<.vp“´Á¤IYÓf“¶Z¾Y_p§[ð=al-ÙYü}NcÍ™ËÎÉÅ‹4vfaÇÖvl¡©Á³'S†ÆùAÆ8Æ|Ò*uâ£{àè-¸ßŸ0%M0Á7%¡õ˜<€ä·ÍÒ¿ÿÿPK!ŒK"¨üword/settings.xmlœTÛnœ0}¯Ô@'ºêˆ&•¥ºP¤Âì.AZ Üëjøö„Ò˜ü;bGo|_µq‡¸Å/ëÃbìgº‹·S„c_Ã|Ú%Iºw1Ñd‰Þ"sü©ýjùbºÄ%¥f$¸vÆ(‘•úî#“ž/)>9ú”)úÒ“«ÕDA8ßc <]ž˜šµ£Íh̯‰nç±x"ÓÿD±âßÝ\7¨þ¬¡W“ë ‰ú*k„ýÉf3û1i¯˜ð¸éËÂGIìøª—õƒv†ÑR !³8¤ÔUèŠÈÖWœÊÕmá¤CVq]¸A¦×D)l6JÊ6ÉCÎÚÎ&!n-îj¢ïÆMÙ¦3—Žî7nHån†êyáÓUóbÁNÿ ÿÿPK!õ=‡aword/fontTable.xml¤’Mnƒ0…÷•zaä}ƒ!?MPHÑfÙEÕ`BL°„mäqBsû˜ÐET)iA²Ä›ñcüù-×_ª N¢4:eш³@èÜì¥>¤ìócû4g:Ð{¨Œ);dëÕãòI £´_cbSV:W'aˆy)àÈÔBS0V£O{MQÈ\¼˜ü¨„vaÌù,´¢GÿÆRÖÈz·æ·ÆØ}mM.iXUy?R³U?]Ð$MA%wVv…´AQíUÊxÌ·|JkûNø¸]YØ:ä%Xnhä^.@Éê|Q±‘ˆ¾PK——ýV®¾„ò@…#îxÊ^#Îy¼Ý2¯D)›°É%¦¡ü³è{ƃB×Cƒu>]K´è|H!Ÿ~W7gèïçŠÄ‡Tƒ7ÑïFGuM$æ3"1%-™ñ]DlçÛ¼• o†óÓI2Ržç“¨?ÿ]D¼ÏíD2P ø%e-O¢%r_6þFâ:e|2°ù!Ñ%õŸlô!ÁÕ7ÿÿPK!JØŠ’»word/webSettings.xmlŒÎÁjÃ0Æñ{aït_õ0JHR(£/Ðõ\Gi±d$mÞöô5l—ÝzŸøñï_im>Q42 ð²m¡A £©„Gï–"Q°üUËࢫRö~Š ëŽeŲEy:yláEÛÞF_ ê |sö6 ØJapE»óJ˜ˆÀ®¬\ë…=ròy©Hï3î|éÖ]8ç#¿ÉÑŽ:5[/dçå׶£l)Tdÿ"w%à™®#˜îŸ””Q]fþ6ºüöý»ä³ù´ ïØ…£+ÿÿÿPK!ÛgaHydocProps/core.xml ¢( Œ’_KÃ0Åß¿CÉ{›¤¥í@eO'Šo!¹Û‚Í’¸nßÞ´Ýj‡>øxsN~÷Ü›”‹ƒj’=8/®ÍJ@s#¤ÞVèu½Lç(ñiÁ£¡BGðhQ__•ÜÜ8xvÆ‚|IÚÜVh‚-0ö|aŠù,:t7Æ)bé¶Ø2þɶ€sBn±‚ÀwÀÔŽDtB >"í—kz€àP ƒÇ4£øÇeÀ)ÿç…^™8•Geg:ŲÄÑ}ðr4¶m›µ³>FÌOñûêé¥5•ºÛaT—‚ÜÆÕo²ñF—xrÔ¯a>¬â¦7ÄýqtýV:³ƒ½ìÞ¨¦%ž–±O?ÖÐDƒÃXgåmöð¸^¢:'4OÉ<%ùšÞ7´ ä£uq¿>¨S´ÿóKâP÷‰/?Ký ÿÿPK!ï,Ÿ¦aø9word/styles.xml´›ßSÛ8ÇßoæþaßiHÒ&W¦¡C¡\™i{´¹gÅVˆ¦Ž•³”ýëOZÙÂر½‹Ý§âÚÏJ»ú®¡Úwï¶Ið“gJÈtŽ_‡O#‹ônÞÞ\ýJ³4f‰Lù"|ä*|úçïîO”~L¸ ŒTd‹p£õîd4Rцo™z%w<5ÏÖ2Û2m.³»‘\¯EÄ/d´ßòT&ÇdzQƦ \mÄN…¹µ{Œµ{™Å»LF\)ãí6qö¶L¤á©q/–Ñ_³}¢•½Ì®³ü2¿‚.eªUpÂT$ÄqÜLq+R™}:K•ÍΔ>S‚|¸±o|)]²öAÄ"Y¢úelþdÉ"œLŠ;çÖƒg÷–Þ÷xzt»,{²ý•±»Yv´<³ÆF0ÍâßÒtwÏ&o®À•‹ÌÂ[knhâa9‰°žÌgÅÅ÷}bn°½–9XÙ¬¹¬¬¸‰«‰òÒe‰yÊןeôƒÇKm,B`™›·W×™™Ð‹ðí[Ë47—|+>‰8æ6)ó{·éFÄüß OoŸî»„Ë-FrŸjãþlY¨øãCÄw6ÅŒé”ÙµkV•8àÐ^äG{|ÉJsÁ²j{ÍÉ{÷\&2[ï“btÊÃœ¼ƒ=7ò&ööQ"1'ïàgòœE‘ùÍ “§äX<é(B‡£ÀfÃÏ…”Šì 3"a¨ÂšXý´–"‹îwþSØ?Áï|Í3ÓÉÄ»O‡ô3$eÒ;ÅRþpa»§ ‚F‰U"$é~„S:¥F„é¼¥“àæŸóà“k€©ƒ”z~òÆt•Û… =É6?õãδì슓åÖši²}]yô¡]™† ¼Ç¶}>æEhªÊoÃÿÛæTøÙô¼ÅÅ;ÇÇ/ÆãÉeÞà&ëNDeãEdz¥ZœÈÂûÓIp¾êRÃyypë©Y£p.?7ÿôuåÞ{vzÓÜ2kØà·¶gÄ[|†3ä«À+.ÞuaMÛ¸Ôå¡?ooëUâÑÌW© …iûƒÿ[s!˜3kžŸó$ù mMË]ó« _k÷t|u²bj%µ–Ûæñ#aO0K\vÆ]ÚI4¯}ºß®xfúÀZÖÿ«´õúÕž'®;ëÂíwžñò»êO¾?©ÓÿÿÿPK-!Ýü•7f [Content_Types].xmlPK-!‘·óNŸ_rels/.relsPK-!Öd³Qú1Ãword/_rels/document.xml.relsPK-!ÔüY!%pÿword/document.xmlPK-!–µâ–PeSword/theme/theme1.xmlPK-!ŒK"¨üword/settings.xmlPK-!õ=‡aóword/fontTable.xmlPK-!JØŠ’»ªword/webSettings.xmlPK-!ʘ¿±pÇ—docProps/app.xmlPK-!ÛgaHy=docProps/core.xmlPK-!ï,Ÿ¦aø9¼word/styles.xmlPKÁý#')
also everything is live here you can try by yourself and see what errors you get
http://wilson382.info/pages/files/
Sorry, I apologize! You must escape the chars used for marking the string. In your case the single quotes.
So, first, the database must be set for BLOB. Here is a note from a site explaining these size settings:
TINYBLOB - A BLOB column with a maximum length of 255 (28 - 1) characters. BLOB - A BLOB column with a maximum length of 65,535 (216 - 1) characters. MEDIUMBLOB - A BLOB column with a maximum length of 16,777,215 (224 - 1) characters. LONGBLOB - A BLOB column with a maximum length of 4,294,967,295 (232 - 1) characters. For most applications, a MEDIUMBLOB field is more than enough, since it can hold up to 15 megs of binary data
Then, they read the data from the file this way which is as you are only they add slashes:
$data = addslashes(fread(fopen($binFile, "rb"), filesize($binFile)));
Also, it seems that if a file is saved inside a MySQL database, you have to “download” it in a different way using headers to tell the browser how to download it. If you are planning on downloading the files to your local system, this is how that site says it is done:
$sql = "SELECT bin_data, filetype, filename, filesize FROM tbl_Files WHERE id_files=$id_files";$result = @mysql_query($sql);
$data = @mysql_result($result, 0, “bin_data”);
$name = @mysql_result($result, 0, “filename”);
$size = @mysql_result($result, 0, “filesize”);
$type = @mysql_result($result, 0, “filetype”);header(“Content-type: $type”);
header(“Content-length: $size”);
header(“Content-Disposition: attachment; filename=$name”);
header(“Content-Description: PHP Generated Data”);
echo $data;
So, that code is using their variable names not yours. Also, note that this will display the file to the browser as an attachment and so the browser will create the “RUN/SAVE” dialog for you. Usually, you would want the user to use SAVE…
Hope that all helps. Sorry I got confused on the header issues. I forgot you need to send the file to the browser which DOES need header’s to understand what to do with the file… Let me know what happens…
Erniex thank you very much for following me this far.
I did what you told me above i replaced my whole query and my whole header.
i replaced everything with urs it works still i get the same result.
for example if i upload an image when i download i wont be able to review it. so for example if i right click the image and edit with notepad++ at the top of the binary code i see
Download File From MySQL
so if i go ahead and remove those html the top and save the image now bingo the image works, and that is what happening with all the files BUT I DO NOT KNOW WHY IS PRINTING those html codes at the top
anyway i gave up once on this small project and i give up again. Thanks Erniex
Erniex, i packed the whole project into a zip which include index.php,download.php, and table_structure.sql for you to create the table structure. go ahead and download and give it a try please. see if you make it work by yourself. to make it work just edit the file that contains the database info.
anyone feel free to try.
first create your table by running the sql i included and then edit the database information connect_db.php
here is the virustotal san result link:
https://www.virustotal.com/file/1a28de6f19376755e2a8f0e0df9d75eeff303fed8c36666134b7b7097b465f94/analysis/
here is the download link:
http://wilson382.info/files/Upload_files_database.zip
feel free to rescan it on virustotal.com before use.
GOOD LUCK.
Well, your code is actually doing what you designed it to.
Your download.php code contains HTML which is sent to the browser, followed by HREF links sent to the browser and then contains code to process the download selected. It basically is a recursive call to itself. So, of course, it will always display HTML at the beginning. Is that what you are trying to do? My guess is not!
So, this is what is going on… Let’s discuss just the image your mentioned earlier! SO, you upload an image, let’s call it “image1.jpg”. The image has slashes added to block out the quotes. Then, it is stored inside a BLOB field in the database. All of this is good. It works, even though it is NOT the standard way to do this process. (Normally, images, videos, sounds and all media files are not stored in databases, but, in hidden secured folders. This is for database speed and bloat issues!) So, this section works.
Now, when you “retrieve” your image from the database, it becomes data that is stored into a variable. This data can be saved as a file and then is useable for displays. To display the image directly from the variable, you need to use headers to tell the browser that the data is an image. It appears that the issue is in the headers.
After doing some reading for you, I found that you should be able to send the image header in this manner:
[php]
header(“Content-type: image/jpeg”);
echo $data;
[/php]
So, replace the four (4) headers you have before the $data and try this one header. Let me know if it works for you. If not, I will set it up on my server late tonight and figure it out for you… Good luck…
nop now it just a broken image icon.
the zip is still up to date and download it and test it yourself on your localhost
Sorry, have been gone taking care of a sick relative. I will download it tonight and try in on my server.
I will post back tonight and let you know what I find…