Help on upload and download and mysql

[tkuan77]

Hi guys,

 

I am trying to create a coding which allows users to upload and download files into mysql server, but I came across some errors. The coding itself works fine on the surface, but when I uploaded the file into mysql and download them, the contents of the downloaded file was different from the original file that was upload. One good example would be when I upload txt file or doc file. I was stuck on this for quite a few days without any leads.

 

Here are the codes:

 

index.html

 

<form action="add_file.php" method="post" enctype="multipart/form-data">

<input type="file" name="uploaded_file"><br>

<input type="submit" value="Upload file">

</form>

<p>

<a href="list_files.php">See all files</a>

</p>

 

 

add_file.php

 

<?php

// Check if a file has been uploaded

if(isset($_FILES['uploaded_file'])) {

// Make sure the file was sent without errors

if($_FILES['uploaded_file']['error'] == 0) {

// Connect to the database

$dbLink = new mysqli('localhost', 'root', 'pwd', 'myTable');

if(mysqli_connect_errno()) {

die("MySQL connection failed: ". mysqli_connect_error());

}

 

// Gather all required data

$name = $dbLink->real_escape_string($_FILES['uploaded_file']['name']);

$mime = $dbLink->real_escape_string($_FILES['uploaded_file']['type']);

$data = $dbLink->real_escape_string(file_get_contents($_FILES ['uploaded_file']['tmp_name']));

$size = intval($_FILES['uploaded_file']['size']);

 

// Create the SQL query

$query = "

INSERT INTO `file` (

`name`, `mime`, `size`, `data`, `created`

)

VALUES (

'{$name}', '{$mime}', {$size}, '{$data}', NOW()

)";

 

// Execute the query

$result = $dbLink->query($query);

 

// Check if it was successfull

if($result) {

echo 'Success! Your file was successfully added!';

}

else {

echo 'Error! Failed to insert the file'

. "<pre>{$dbLink->error}</pre>";

}

}

else {

echo 'An error accured while the file was being uploaded. '

. 'Error code: '. intval($_FILES['uploaded_file']['error']);

}

 

// Close the mysql connection

$dbLink->close();

}

else {

echo 'Error! A file was not sent!';

}

 

// Echo a link back to the main page

echo '<p>Click <a href="index.html">here</a> to go back</p>';

?>

 

 

list_files.php

 

<?php

// Connect to the database

$dbLink = new mysqli('localhost', 'root', 'pwd', 'myTable');

if(mysqli_connect_errno()) {

die("MySQL connection failed: ". mysqli_connect_error());

}

 

// Query for a list of all existing files

$sql = 'SELECT `id`, `name`, `mime`, `size`, `created` FROM `file`';

$result = $dbLink->query($sql);

 

// Check if it was successfull

if($result) {

// Make sure there are some files in there

if($result->num_rows == 0) {

echo '<p>There are no files in the database</p>';

}

else {

// Print the top of a table

echo '<table width="100%">

<tr>

<td><b>Name</b></td>

<td><b>Mime</b></td>

<td><b>Size (bytes)</b></td>

<td><b>Created</b></td>

<td><b> </b></td>

</tr>';

 

// Print each file

while($row = $result->fetch_assoc()) {

echo "

<tr>

<td>{$row['name']}</td>

<td>{$row['mime']}</td>

<td>{$row['size']}</td>

<td>{$row['created']}</td>

<td><a href='get_file.php?id={$row['id']}'>Download</a></td>

</tr>";

}

 

// Close table

echo '</table>';

}

 

// Free the result

$result->free();

}

else

{

echo 'Error! SQL query failed:';

echo "<pre>{$dbLink->error}</pre>";

}

 

// Close the mysql connection

$dbLink->close();

?>

 

 

get_file.php

 

<?php

// Make sure an ID was passed

if(isset($_GET['id'])) {

// Get the ID

$id = intval($_GET['id']);

 

// Make sure the ID is in fact a valid ID

if($id <= 0) {

die('The ID is invalid!');

}

else {

// Connect to the database

$dbLink = new mysqli('localhost', 'root', 'pwd', 'myTable');

if(mysqli_connect_errno()) {

die("MySQL connection failed: ". mysqli_connect_error());

}

 

// Fetch the file information

$query = "

SELECT `mime`, `name`, `size`, `data`

FROM `file`

WHERE `id` = {$id}";

$result = $dbLink->query($query);

 

if($result) {

// Make sure the result is valid

if($result->num_rows == 1) {

// Get the row

$row = mysqli_fetch_assoc($result);

 

// Print headers

header("Content-Type: ". $row['mime']);

header("Content-Length: ". $row['size']);

header("Content-Disposition: attachment; filename=". $row['name']);

 

// Print data

echo $row['data'];

}

else {

echo 'Error! No image exists with that ID.';

}

 

// Free the mysqli resources

@mysqli_free_result($result);

}

else {

echo "Error! Query failed: <pre>{$dbLink->error}</pre>";

}

@mysqli_close($dbLink);

}

}

else {

echo 'Error! No ID was passed.';

}

?>

 

I am not too sure where the error could be but I suspect that it could be somewhere at the add_file or get_file. Seriously hope someone could help me with this bug and thanks for the trouble.

 

Regards

Jasmine

[MadTechie]

whats the field type of "data",

 

if its text then change

$data = $dbLink->real_escape_string(file_get_contents($_FILES ['uploaded_file']['tmp_name']));

to

$data = base64_encode(file_get_contents($_FILES ['uploaded_file']['tmp_name']));

 

and

 

echo $row['data'];

to

echo base64_decode($row['data']);

 

However you should use a blob type

 

if you still have a problem, then can you give some more details

[tkuan77]

Hi MadTechie, the files that I wanted to upload and download into mysql are mainly html and php files. So do I still need to change anything to the coding or just edit mine according to what you have mentioned?

 

Regards

Jasmine

[MadTechie]

text files should be fine, do you have some examples of input and output!

[tkuan77]

Hi MadTechie,

 

an example of what happen when I upload and download the files are:

 

original np1.php

 

<form action="np2.php" method="post">

Name of New Page: <input type="text" name="newpage_name" />

<input type="submit" />

</form>

 

 

downloaded np1.php

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xml

 

 

Original np2.php

 

<?php

$newpage_name = $_POST[ 'newpage_name' ];

$newpage_initial = "Input Contents Here.";

$newpage_file = "test_np/" . $newpage_name . ".php";

$newpage_save = fopen($newpage_file, 'w');

fwrite($newpage_save, $newpage_initial);

fclose($newpage_save);

?>

 

 

downloaded np2.php

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>Untitled Document</title>

</head>

<body>

<?php

$newpage_name = $_POST[ 'newpage_name' ];

$n

 

 

Original links.html

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>Untitled Document</title>

</head>

<body>

<ul>

<li><a href="#home">Workspace</a></li>

<li>  |  </li>

<li><a href="#news">Manage</a></li>

<li>  |  </li>

<li><a href="#contact">Logout</a></li>

</ul>

</body>

</html>

 

 

downloaded links.html

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>Untitled Document</title>

</head>

<body>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type"

 

 

Original phpinfo.php

 

<? phpinfo(); ?>

 

 

Downloaded phpinfo.php

 

<!DOCTYPE html P

 

 

The errors appeared quite random. Hope this helps you understand the errors I am encountering.

 

Regards

Jasmine

[tkuan77]

Sorry I left out 1 part.

 

original test.txt

 

test

 

 

downloaded test.txt

 

<!DO

 

 

Regards

Jasmine

[MadTechie]

Sorry the delayed reply,

The problem isn't as random as you think,

 

Here is the problem:

your download page has extra content, being

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>Untitled Document</title>

</head>

<body>

 

change this to ONLY the PHP code you posted and it should be fine.. 

 

okay now the why

Lets look at the last example,

you uploaded "test" and it downloaded "<!DO" this is because it tried to download

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>Untitled Document</title>

</head>

<body>test</body></html>

BUT you stated the size is 4 characters so you get

<!DO

 

if you review the other example your probably see the same pattern

 

Hope this helps

 

[tkuan77]

Hi, thanks for the reply, but I don quite get what u meant by change it to only the php code i posted?

 

Regards

[MadTechie]

Your get_file.php file contains more than you posted (or you're host is adding stuff!), it had some html at the start of it this is cause the file to be truncated, by the size restriction

header("Content-Length: ". $row['size']);

if you remove the above line you should get the full content BUT if you view source your notice some extra html