Upload/Download Files From MYSQL with PHP

SteeringFaith · 05-31-2012, 01:03 AM

Hi,

I have been working on a script that uploads a file a user picks to a mysql server and then they are able to download it on another page. There are no errors in my script except that the size of the files when I check my sql database in phpmyadmin are a lot lower than the actual size of the files and when I download the files they won't open and are still small in size. Can you find the problem please I have looked everywhere?

Thanks, Eric

Form in HTML (index.html)

Code:

<form action="uploadTEST.php" method="post" enctype="multipart/form-data">
         
<!--         <p style="font-size:20px">Upload a file:</p> -->
         
         
         
         <tr><td>  IB2: 
	<input type=radio name="grade" value="IB2" />
	<br />
	IB1: 
	<input type=radio name="grade" value="IB1" />
	<br />
	FY: 
	<input type=radio name="grade" value="FY" />
	<br />
	Y2: 
	<input type=radio name="grade" value="Y2" />
	<br />
	Y1: 
	<input type=radio name="grade" value="Y1" /> 
	<br />
	<select name="Subject">
		
		<option value="History">History</option>
		<option value="Physics">Physics</option>
		<option value="Chemistry">Chemistry</option>
		<option value="Biology">Biology</option>
		<option value="Civics">Civics</option>
		<option value="Science">Science</option>
		<option value="Economics">Economics</option>
		<option value="Spanish">Spanish</option>
		<option value="Latin">Latin</option>
		<option value="French">French</option>
		<option value="Mathematics">Mathematics</option>
		<option value="English">English</option>
		<option value="Film">Film</option>
		<option value="Art">Art</option>
		<option value="Drama">Drama</option>
		<option value="Music">Music</option>
		<option value="Philosophy">Philosophy</option>
		<option value="TOK">TOK</option>
		<option value="Mandarin">Mandarin</option>
		<option value="Korean">Korean</option>
		<option value="German">German</option>
		
	</select>
	 
	</td></tr>
         	<tr><td><input type="file" method="post" name="file" enctype="multipart/form-data" /> 
	<input type="submit" name="submit" value="Upload File" />
	<tr><td align="center"><div class="fb-like" data-send="true" data-width="400" data-show-faces="true"></div>	</td></tr>
	
</form></td></tr>
         	
         	 <div id="right"></div>
         	
         		</div>
              </div>

UploadTEST.php

PHP Code:


			
<?php



//declare variables

$Server="xxxx";

$User="xxxx";

$Password="xxxxx";

$Database="xxxx";

$type = $_FILES['file']['type'];

$size = $_FILES['file']['size'];

$name = $_FILES['file']['name'];

$file = $_FILES['file']['tmp_name'];

$path = "/usr/local/pem/vhosts/xxxx/webspace/httpdocs/upload/" . $name;

$TheGrade = $_POST['grade'];







//set permissions to allow

chmod($file,"0777");





//check for type of file

if ((($_FILES["file"]["type"] == "image/gif")

|| ($_FILES["file"]["type"] == "image/jpeg")

|| ($_FILES["file"]["type"] == "image/png")

|| ($_FILES["file"]["type"] == "application/msword")

|| ($_FILES["file"]["type"] == "application/pdf")

|| ($_FILES["file"]["type"] == "text/plain")

|| ($_FILES["file"]["type"] == "application/vnd.openxmlformats-officedocument.presentationml.presentation")

|| ($_FILES["file"]["type"] == "image/pjpeg")))



  {





//specify size limitations on file

if($size < 1000000){



//move temporary file to permanent location

if(move_uploaded_file($file,$path)){

        

//open file and extract data

$fp = fopen($path, 'r');

$data = fread($fp, filesize($path));

$data = addslashes($path);

fclose($fp);        

        

//connect to mysql

$connection = mysql_connect($Server, $User, $Password);

if(!$connection){

    die("Couldn't Connect" . mysql_error());

}



//select database

mysql_select_db($Database, $connection);



//Ensure security

if(!get_magic_quotes_gpc()){ 

$name = addslashes($name);  

}

        

//specify grade database

    if($TheGrade==IB2){



$gradetable="IB2FILES";

    

} elseif($TheGrade==IB1){



$gradetable="IB1FILES";

    

} elseif($TheGrade==FY){



$gradetable="FYFILES";

    

} elseif($TheGrade==Y2){



$gradetable="Y2FILES";

    

} elseif($TheGrade==Y1){



$gradetable="Y1FILES";

    

} else {

    

    echo "Connection error: No grade submission";

    $gradetable=null;

    echo $gradetable;

    

}



//add quotes to variables for query

$size = "'" . $size . "'"; 

$type = "'" . $type . "'";    

$name = "'" . $name . "'";    

$data = "'" . $data . "'"; 



//declare query

$query = "INSERT INTO " . $gradetable . " (name,type,size,file) VALUES (" . $name . "," . $type . "," . $size . "," . $data . ")";



//submit query

if(!mysql_query($query,$connection)){

    

    die("SQL Error! Query is $query<br />Error is: ". mysql_error());

    

}

    

}else{

    

    echo "File failed to upload";

    

}



}else{

    

    echo "File size too large: " . $size/1024 . "Kb";

    

}



}else{

    

    echo "Please see the list of permitted file types: " . $type . " is not allowed.";

    

}



echo "";



?>

Downloads Page for IB2 (IB2Downloads.php)

PHP Code:


			
<?php



$Server="xxxx";

$User="xxxx";

$Password="xxxxx";

$Database="xxxx";

$con = mysql_connect($Server,$User,$Password);



if(!$con){

    

    die("Couldn't Connect " . mysql_error());

    

}



mysql_select_db($Database,$con);



$sql = "SELECT * FROM IB2FILES";



$ctq = mysql_query($sql,$con);

$rows = mysql_num_rows($ctq);

if (!$ctq)

{

    die("SQL Error! Query is $query<br />Error is ".mysql_error());

}



while ($row = mysql_fetch_assoc($ctq)) {

        

    echo "<form action=dl.php method=get>";    

    echo "<table> <tr> <td>";

    echo "ID: ";

    echo $row['id'];    

    echo "</td> </tr> <tr> <td>";

    echo "Name: ";

    echo $row['name'];

    echo "</td> </tr> <tr> <td>";

    echo "Type: ";

    echo $row['type'];

    echo "</td> </tr> <tr> <td>";

    echo "Size: ";

    echo $row['size'];

    echo " bytes";

    echo "</td> </tr> <tr> <td>";

    echo "File: ";

    echo $row['file'];

    echo " ";

    echo "<input type = submit value=Download File>";

    echo "<br/>";

    echo "<a href=dl.php?id=" . $row['id'] . "&size=" . $row['size'] . "&file=" . $row['size'] . ">Download</a>";

    echo "</td> </tr> <tr> <td>";

    echo "</table>";

    echo "</form>";

}



?>

Downloading Actual File Page (dl.php)

PHP Code:


			
<?php



$ID = $_GET['id'];



$Server="xxxx";

$User="xxxx";

$Password="xxxx";

$Database="xxxx";

$con = mysql_connect($Server,$User,$Password);



if(!$con){

    

    die("Couldn't Connect " . mysql_error());

    

}



mysql_select_db($Database,$con);



$query = "SELECT * FROM IB2FILES WHERE id = '$ID'";

$result  = mysql_query($query) or die(mysql_error());



// define results into variables

$name=mysql_result($result,0,"name");

$size=mysql_result($result,0,"size");

$type=mysql_result($result,0,"type");

$file=mysql_result($result,0,"file");



header("Content-disposition: attachment; filename=$name");

header("Content-length: $size");

header("Content-type: $type");

echo $file;



mysql_close();



?>

I assume that is all the relevant information.

Thanks Again!

firepages · 05-31-2012, 02:35 AM

here you set data to the file contents

PHP Code:


			
$data = fread($fp, filesize($path));

here you overwrite data with the pathname

PHP Code:


			
$data = addslashes($path);

so you should concatenate if you really want to add the path to the file...

PHP Code:


			
$data .= addslashes($path);

or are you trying to addslashes to the content ? in which case you should be ..

PHP Code:


			
$data = addslashes($data);