I am trying to make a simple file upload from PHP to MySQL and download it back, but I keep running into a problem that I can't figure out. The picture that I try to upload in this form creates some content in the blob column, but on download Windows viewer gives an error of no preview available.

Here's the code for the form

<form enctype="multipart/form-data" method="post" action="upload.php">
Choose your file <input name="file" type="file">
<input type="submit" >
</form>

Here's the code for upload.php

include('connect.php');
$actualname=$_FILES['file']['name'];
$type=$_FILES['file']['type'];
$name  = $_FILES['file']['tmp_name'];
$size = $_FILES['file']['size'];

$fresource=fopen($name,'r');
$content=fread($fresource,filesize($name));
$content=addslashes($content);
fclose($fresource);

$query='INSERT INTO `files` (Name,Content,Type,Size) VALUES ("'.$actualname.'","'.$content.'","'.$type.'","'.$size.'")';
echo $query;
$var=mysql_query($query,$con);

and here's the code for download.php

include('connect.php');
$query='SELECT * FROM `files` WHERE ID="2"';
$res=mysql_query($query,$con);
$var=mysql_fetch_array($res);
header("Content-length: ".$var[4]);
header("Content-type: ".$var[3]);
header("Content-Disposition: attachment; filename=".$var[1]);
echo $var[1];

Any help would be much appreciated

The files table has the ID,Name,Content,Type,Size columns in the same order

  • And the problem you are running into is?? Commented Feb 4, 2013 at 11:40
  • What doesn't work? Provide some output, please. Commented Feb 4, 2013 at 11:41
  • Oh sorry, the downloaded image won't open with Windows Picture Viewer or Paint, i.e. it reckons that the content of the image file is wrong, but my blob is being uploaded to the database as I can see the size of the blob when browsing the table. Commented Feb 4, 2013 at 11:42
  • 1. mysql_* functions are deprecated, use mysqli_* or PDO. 2. It's not a good idea to store files in the database. You'd better save the file in the file system and keep a reference to it in the database. Commented Feb 4, 2013 at 11:42
  • Instead of adding slashes when saving and changing the data, have you tried just using base64 to save the image and then, when loading it, decoding it and echoing the value? Also, because it's binary data you may need to encode it with pack and unpack... Commented Feb 4, 2013 at 11:48

1 Answer

DON'T USE MYSQL_*

Also, addslashes() is a terrible and fallible way to secure your code. As it is, the code is susceptible to SQL injection.

I'm assuming that your database is

id name content type size

so change the last line to

echo stripslashes($var[2]);

since

0 => id,
1 => name,
2 => content,

and you added slashes to the content... so now you need to remove em.


1 Comment

Thanks a lot... I can't believe I hadn't got the indexes right... BTW, what would you suggest as a better way to secure my code than add slashes?? I mean apart from the mysql_real_escape_string function?
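
One way to address the question in the comment above, as an added example that is not from the original posts: PDO prepared statements bind the file name and the binary content as parameters, so neither addslashes() nor stripslashes() is involved and the stored bytes are never altered. The in-memory SQLite DSN, the helper names store_file/load_file and the sample input are assumptions made so the script runs offline; with MySQL only the DSN changes.

```php
<?php
// Added example: parameterized insert/select for the `files` table from the question.
// Assumption: an in-memory SQLite database stands in for MySQL so this runs offline;
// with MySQL only the DSN changes, e.g. new PDO('mysql:host=...;dbname=...', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE files (
    ID INTEGER PRIMARY KEY, Name TEXT, Content BLOB, Type TEXT, Size INTEGER)');

// Hypothetical helper: store one upload. Values are bound, never concatenated into SQL.
function store_file(PDO $pdo, string $name, string $type, string $bytes): int
{
    $stmt = $pdo->prepare(
        'INSERT INTO files (Name, Content, Type, Size) VALUES (:name, :content, :type, :size)');
    $stmt->bindValue(':name', basename($name));
    $stmt->bindValue(':content', $bytes, PDO::PARAM_LOB);   // binary-safe, no addslashes()
    $stmt->bindValue(':type', $type);
    $stmt->bindValue(':size', strlen($bytes), PDO::PARAM_INT);
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

// Hypothetical helper: fetch by ID and return named columns instead of numeric indexes.
function load_file(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT Name, Content, Type, Size FROM files WHERE ID = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample input: a file name containing a quote and SQL text, and bytes
// containing quotes, a backslash and a NUL, which is what breaks a concatenated query.
// In upload.php the bytes would come from file_get_contents($_FILES['file']['tmp_name']).
$name  = 'holiday"); DROP TABLE files; --.png';
$bytes = "\x89PNG\r\n\x1a\n" . "\x00'\"\\" . random_bytes(32);

$id  = store_file($pdo, $name, 'image/png', $bytes);
$row = load_file($pdo, $id);

var_dump($row['Content'] === $bytes);             // byte-for-byte comparison of the blob
var_dump($row['Name'] === $name);                 // the name was stored as data
var_dump((int) $row['Size'] === strlen($bytes));  // recorded size against actual length
```

In download.php the body would then be `echo $row['Content'];`, addressed by column name rather than by position.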
