A
Anonymous
Guest
Hi, I've set up a site where I can upload a file into a mysql db. The file seems to upload ok, but when I go to download it, it is corrupted (txt files are ok, but images, word and excel files aren't). If I look at the blob in mysqlfront, the images appear ok, so it seems that they upload ok, but sounds like there's a problem with my download script.
I've tried as many options as I can think of - like trying fopen with\without the binary option, addslashes, base64_encode, using\not using stripslashes, using diff header options...
Is there anything you can suggest? Am I doing something wrong somewhere?
Hope ya can help! I've spent ages trying to get this working!
Thanks
-----------------------------------------------------------------------------------
Download.php
<?php
if (isset($object_id)) {
include "conn.php";
$sql = "SELECT file_data, file_type, file_name, file_size FROM docs WHERE object_id=$object_id";
$result = @mysql_query($sql, $db);
$row = mysql_fetch_array($result);
$data = $row["file_data"];
$name = $row["file_name"];
$size = $row["file_size"];
$type = $row["file_type"];
header("Content-type: $type");
header("Content-length: $size");
header("Content-Disposition: attachment; filename=$name");
header("Content-Description: PHP Generated Data");
# header("Content-transfer-encoding: binary");
echo stripslashes($data);
#echo $data;
}
?>
Upload.php
<?php
if ($action == "upload") {
// ok, let's get the uploaded data and insert it into the db now
include "detail.php";
if (isset($upload_file) && $upload_file != "none") {
$data = addslashes(fread(fopen($upload_file, "rb"), filesize($upload_file)));
$strDescription = addslashes(nl2br($file_description));
$sql = "INSERT INTO docs ";
$sql .= "(description, file_data, file_name, file_size, file_type, date_uploaded) ";
$sql .= "VALUES ('$strDescription', '$data', ";
$sql .= "'$upload_file_name', '$upload_file_size', '$upload_file_type', sysdate())";
$result = mysql_query($sql, $db);
# echo $sql;
mysql_free_result($result); // it's always nice to clean up!
echo "File has been uploaded successfully.<br><br>";
echo "<a href='files.php'>View Files</a>";
}
mysql_close();
} else {
?>
<HTML>
<BODY>
<FORM METHOD="post" ACTION="upload.php" ENCTYPE="multipart/form-data">
<INPUT TYPE="hidden" NAME="MAX_FILE_SIZE" VALUE="1000000">
<INPUT TYPE="hidden" NAME="action" VALUE="upload">
<TABLE BORDER="1">
<TR>
<TD>Description: </TD>
<TD><TEXTAREA NAME="file_description" ROWS="10" COLS="50"></TEXTAREA></TD>
</TR>
<TR>
<TD>File: </TD>
<TD><INPUT TYPE="file" NAME="upload_file"></TD>
</TR>
<TR>
<TD COLSPAN="2"><INPUT TYPE="submit" VALUE="Upload"></TD>
</TR>
</TABLE>
</FORM>
</BODY>
</HTML>
<?php
}
?>
I've tried as many options as I can think of - like trying fopen with\without the binary option, addslashes, base64_encode, using\not using stripslashes, using diff header options...
Is there anything you can suggest? Am I doing something wrong somewhere?
Hope ya can help! I've spent ages trying to get this working!
Thanks
-----------------------------------------------------------------------------------
Download.php
<?php
if (isset($object_id)) {
include "conn.php";
$sql = "SELECT file_data, file_type, file_name, file_size FROM docs WHERE object_id=$object_id";
$result = @mysql_query($sql, $db);
$row = mysql_fetch_array($result);
$data = $row["file_data"];
$name = $row["file_name"];
$size = $row["file_size"];
$type = $row["file_type"];
header("Content-type: $type");
header("Content-length: $size");
header("Content-Disposition: attachment; filename=$name");
header("Content-Description: PHP Generated Data");
# header("Content-transfer-encoding: binary");
echo stripslashes($data);
#echo $data;
}
?>
Upload.php
<?php
if ($action == "upload") {
// ok, let's get the uploaded data and insert it into the db now
include "detail.php";
if (isset($upload_file) && $upload_file != "none") {
$data = addslashes(fread(fopen($upload_file, "rb"), filesize($upload_file)));
$strDescription = addslashes(nl2br($file_description));
$sql = "INSERT INTO docs ";
$sql .= "(description, file_data, file_name, file_size, file_type, date_uploaded) ";
$sql .= "VALUES ('$strDescription', '$data', ";
$sql .= "'$upload_file_name', '$upload_file_size', '$upload_file_type', sysdate())";
$result = mysql_query($sql, $db);
# echo $sql;
mysql_free_result($result); // it's always nice to clean up!
echo "File has been uploaded successfully.<br><br>";
echo "<a href='files.php'>View Files</a>";
}
mysql_close();
} else {
?>
<HTML>
<BODY>
<FORM METHOD="post" ACTION="upload.php" ENCTYPE="multipart/form-data">
<INPUT TYPE="hidden" NAME="MAX_FILE_SIZE" VALUE="1000000">
<INPUT TYPE="hidden" NAME="action" VALUE="upload">
<TABLE BORDER="1">
<TR>
<TD>Description: </TD>
<TD><TEXTAREA NAME="file_description" ROWS="10" COLS="50"></TEXTAREA></TD>
</TR>
<TR>
<TD>File: </TD>
<TD><INPUT TYPE="file" NAME="upload_file"></TD>
</TR>
<TR>
<TD COLSPAN="2"><INPUT TYPE="submit" VALUE="Upload"></TD>
</TR>
</TABLE>
</FORM>
</BODY>
</HTML>
<?php
}
?>