HI
This may not be the best way of storing files, i have been reading a lot of articles about the best way to do this, from storing them in a directory outside the public_html to storing them in blob in the MySQL database.
there seems to be all sorts of problems with which ever method is used, mainly security. I need to store sensative documents in my app and i thought the best way was inside the database as there is unlikley to be a large number fo files. However if someone has an alternative and examples or links to them i would be greatful, as i am still new to all this.
However, no mater what document i try and store it always seems to end up corrupt when i try to open them.
The app consists of a page with 2 forms, the first is the upload form, the second is a list of files in the database, the index has a link to allow the document to be down loaded or opened. I needed the list to be refeashed when a document was saved.
so... for the save form....
<form action="" method="post" enctype="multipart/form-data" name="form1" id="form1">
<input type="hidden" name="MAX_FILE_SIZE" value="2000000">
<input name="document" type="file" id="document" size="75" />
<input type="submit" name="save_file" id="save_file" value="Save" />
the PHP bit to save the file in blob
$acceptable_extensions[0] = "pdf";
$acceptable_extensions[1] = "PDF";
$validated = 1;
if($_FILES && $_FILES['document']['name']){
//make sure the file has a valid file extension
$file_info = pathinfo($_FILES['document']['name']);
$acceptable_ext = 0;
for($x = 0; $x < count($acceptable_extensions); $x++){
if($file_info['extension'] == $acceptable_extensions[$x]){
$acceptable_ext = 1;
}
}
if(!$acceptable_ext){
$validated = 0;
}
}else{
$validated = 0;
}
if($validated){
// Get important information about the file and put it into variables
$fileName = $_FILES['document']['name'];
$tmpName = $_FILES['document']['tmp_name'];
$fileSize = $_FILES['document']['size'];
$fileType = $_FILES['document']['type'];
// Slurp the content of the file into a variable
$fp = fopen($tmpName, 'r');
$content = fread($fp, filesize($tmpName));
$content = addslashes($content);
$content = htmlentities($content);
fclose($fp);
if(!get_magic_quotes_gpc()){
$fileName = addslashes($fileName);
}
$file_info = pathinfo($_FILES['document']['name']);
$sql = "INSERT INTO tracker_documents SET document_tracker_id = ".$_GET['trackerID'].",
document_name = '".$fileName."',
document_type = '".$fileType."',
document_Size = '".$fileSize."',
document_Content = '".$content."',
document_Extension = '".$file_info['extension']."'";
echo $sql;
$result = mysql_query($sql, $connTracker) or die(mysql_error());
This all seems to work up to this point.... and yes i only allow PDF at the moment, i tried word with no luck as well
this is the link to the download form
<a href="download.php?docindex=<?php echo $row_rsDocuments['document_index']; ?>"><?php echo $row_rsDocuments['document_index']; ?></a></td>
and the code to open/download the file
if(isset($_GET['docindex']))
{
$id = $_GET['docindex'];
$query = "SELECT document_name, document_type, document_size, document_content " .
"FROM tracker_documents WHERE document_index = ".$id;
$result = mysql_query($query) or die('Error, query failed');
list($name, $type, $size, $content) = mysql_fetch_array($result);
header("Content-length: $size");
header("Content-type: $type");
header("Content-Disposition: attachment; filename=$name");
echo $content;
}
exit;
the file is always corrupt and i am not sure why, can anyone help or point me in the direction of a solution
Thanks
kk
1
Reply
AdChoices