Problem getting files from the database

General PHP Help
#1

Hi, I have a problem now that I can not download the files I uploaded. The files appear me in a list, but when I click them nothing happens, it’s like that the variable is empty. I don’t know what i do it wrong. The code

[php]
$query = “SELECT recup_id, recup_name FROM tmp_demos”;
$result = mysql_query($query) or die(‘Error, query failed’);

if(mysql_num_rows($result)==0){
    $text .= "Database is empty <br>";
}
else{
    while(list($recup_id, $recup_name) = mysql_fetch_array($result)){
        $text .="<a href=\"download.php?id=$recup_id\">$recup_name</a><br />";
    }
}

if(isset($_GET['recup_id'])){
    $recup_id    = $_GET['recup_id'];   
    $query = "SELECT recup_name, recup_type, recup_size, recup_content FROM tmp_demos WHERE recup_id = $recup_id";     
    $result = mysql_query($query) or die('Error, query failed');
    list($recup_name, $recup_type, $recup_size, $recup_content) =  mysql_fetch_array($result);
    header("Content-Disposition: attachment; filename=\"$recup_name\"");
    header("Content-type: $recup_type");
    header("Content-length: $recup_size");
    echo $recup_content;
	
}

[/php]

I check with:

[php] exit($_GET[‘recup_id’]); [/php]

But the files gives me an error (i don’t know what is the error because it’s going to error_404 page). I saw if created a log file but no.

Well, i hope that someone can help me. Thank you!

#2

What is the code for download.php?

Are the files themselves in the database or just the file information?

#3

The code of download.php is:

[php]<?php

require_once("…/…/class2.php");
define(“e_PAGETITLE”, “Upload LJ Demo”);
require_once(HEADERF);

$text .= "









";

if(isset($_POST[‘upload’]) && $_FILES[‘userfile’][‘size’] > 0){

$fileName = $_FILES[‘userfile’][‘name’];
$tmpName = $_FILES[‘userfile’][‘tmp_name’];
$fileSize = $_FILES[‘userfile’][‘size’];
$fileType = $_FILES[‘userfile’][‘type’];
$fileError = $_FILES[‘userfile’][‘error’];

$ext_str = “rar”;
$allowed_extension = explode(’,’ , $ext_str);
$max_file_size = 10240000;
$ext = substr($_FILES[‘userfile’][‘name’], strrpos($_FILES[‘userfile’][‘name’], ‘.’) + 1);

$fileExist = “SELECT * FROM tmp_demos WHERE recup_name = ‘$fileName’”;
$resultado=mysql_query($fileExist) or die (mysql_error());

$fp = fopen($tmpName, ‘r’);
$content = fread($fp, filesize($tmpName));
$content = addslashes($content);
fclose($fp);

if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
}

if(!empty($fileName)) {

	if($fileError==0){
		
		// Check that the files to upload are RAR or ZIP
		if(in_array($ext, $allowed_extension)){
			
			//Check that the files don't exceeds the max file size
			if($_FILES['userfile']['size'] <= $max_file_size){
			
				if(mysql_num_rows($resultado) <= 50){
			
				if(mysql_num_rows($resultado) == 0){

				$query = "INSERT INTO tmp_demos (recup_user, recup_name, recup_type, recup_size, recup_content, recup_date, recup_status)"."VALUES ('".USERID."', '$fileName', '$fileType', '$fileSize', '$content', '".time()."', '0')";
				mysql_query($query) or die('Error, fallo la consulta');

				$text .= "<h3>The file $fileName was uploaded correctly</h3>";

				}
				else{
					echo "<h3><font color='red'>Error!</font> The file with the name $fileName already exist</h3><hr />";
					}
			}
			else{
				echo "<h3>Reached the maximum number of demos. Wait to the next release</h3>";
				}
			}
			else{
				echo "<h3> Only the file less than ".$max_file_size."mb  allowed to upload </h3><hr />";
				}
		}
		else{
			echo "<h3> Only ".$ext_str." files allowed to upload </h3><hr />";
			}
	}
	else{
		echo "<h3> Unexpected error when you try to upload file! Try again </h3><hr />";
	}
}
else{
	echo "<h3><font color='red'>Error!</font> The name of the file is empty</h3><hr />";
}

}

$ns->tablerender(e_PAGETITLE, $text);
require_once(FOOTERF);
exit();

?>[/php]

Weighted wrong, I know. (The files was uploaded correctly to my db)

#4

[php] $text .="<a href=“download.php?id=$recup_id”>$recup_name
";[/php]

This is saying you can download the file at download.php, but that isn’t the case. Which explains the dead link.

#5

Aaah! You are right, and how i fix it? in:

[php] $text .="<a href=“download.php?id=$recup_id”>$recup_name
"; [/php]

I have to replace “download.php” with the name of the file in which this the function , i mean the name of the file of:

[php] $query = “SELECT recup_id, recup_name FROM tmp_demos”;
$result = mysql_query($query) or die(‘Error, query failed’);

  if(mysql_num_rows($result)==0){
      $text .= "Database is empty <br>";
  }
  else{
      while(list($recup_id, $recup_name) = mysql_fetch_array($result)){
         $text .="<a href=\"download.php?id=$recup_id\">$recup_name</a><br />";
     }
 }

 if(isset($_GET['recup_id'])){
     $recup_id    = $_GET['recup_id'];   
     $query = "SELECT recup_name, recup_type, recup_size, recup_content FROM tmp_demos WHERE recup_id = $recup_id";     
     $result = mysql_query($query) or die('Error, query failed');
     list($recup_name, $recup_type, $recup_size, $recup_content) =  mysql_fetch_array($result);
     header("Content-Disposition: attachment; filename=\"$recup_name\"");
     header("Content-type: $recup_type");
     header("Content-length: $recup_size");
     echo $recup_content;

 }[/php]

I’m right?

#6

You actually have a few things to do. You could create a new page with this on it for downloading pages:

[php] if(isset($_GET[‘recup_id’])){
$recup_id = $_GET[‘recup_id’];
$query = “SELECT recup_name, recup_type, recup_size, recup_content FROM tmp_demos WHERE recup_id = $recup_id”;
$result = mysql_query($query) or die(‘Error, query failed’);
list($recup_name, $recup_type, $recup_size, $recup_content) = mysql_fetch_array($result);
header(“Content-Disposition: attachment; filename=”$recup_name"");
header(“Content-type: $recup_type”);
header(“Content-length: $recup_size”);
echo $recup_content;

  }[/php]

But, you will need to remove the trailing / for the I’d, it will cause the id to not be found.

Your bigger issues are, you are using depricated mysql_ function. The biggest problem is you are exposing your database to peril. Use prepared statements, because you are using get variables.

#7

Oh ok. I’m a little newy on PHP, It’s too much trouble for you if I ask you what statements can I use? Because i don’t know.

And sorry! When you asked me which is the code of download.php, I wrote you the code of upload.php. The download.php document is the same:

[php]
if(isset($_GET[‘recup_id’])){
$recup_id = $_GET[‘recup_id’];
$query = “SELECT recup_name, recup_type, recup_size, recup_content FROM tmp_demos WHERE recup_id = $recup_id”;
$result = mysql_query($query) or die(‘Error, query failed’);
list($recup_name, $recup_type, $recup_size, $recup_content) = mysql_fetch_array($result);
header(“Content-Disposition: attachment; filename=”$recup_name"");
header(“Content-type: $recup_type”);
header(“Content-length: $recup_size”);
echo $recup_content;

   }[/php]

Another question: Upload file is ok? I don’t expose my db to peril?

Sorry for inconveniences and Thank you very much!

#8

http://php.net/manual/en/book.mysqli.php

http://php.net/manual/en/mysqli.prepare.php

Here is a start.

#9

Ok, thanks for the tips and the help!

Sponsor our Newsletter | Privacy Policy | Terms of Service