Urldecode(..) may not be binary safe. I'm not sure exactly what type of
content it is you are storing in the database for 'fdata', but it sounds
like you're misusing urlencode/urldecode. In short,
urlencode(..)/urldecode(..) are for encoding URLs and are not the
appropriate way to escape binary data for insertion into the database.

Instead, you should be using mysql_escape_string(...) to escape the binary
data upon insertion. Then, depending on your PHP configuration, use
stripslashes(..) to restore the scalar when you pull the data back from the
database.

e.g.

Mysql_query('INSERT INTO table (fdata) 
                        VALUES('.mysql_escape_string($fdata).')');

Then, when you select your data...

...
$result = mysql_query($query, $default);
$row = mysql_fetch_array($result);

$row[fdata] = stripslashes($row[fdata]);


Now, $row[fdata] contains the raw binary form of the file you wish to send.



Regards,

Erik Osterman
http://osterman.com/



-----Original Message-----
From: Stephen Craton [mailto:[EMAIL PROTECTED] 
Sent: Monday, November 10, 2003 5:07 PM
To: PHP List
Subject: [PHP] Downloading MySQL Files

I have a database which keeps some normal files in LONGBLOBS. I then call up
a file called download.php to retrieve the file from the database, echo out
it's contents, and it's type, and all that so they download it. However, if
the user clicks the download link, they download the actual download.php
file and if they open it, it's blank. I've attached the code to
download.php. Any ideas why this is happening and how to fix it?

 

<?php

                if (isset($HTTP_GET_VARS['id'])) {

                                include('Connections/default.php');

                                mysql_select_db($database_default,
$default);

                                $id = $HTTP_GET_VARS['id'];

                

                                $query = "SELECT * FROM files WHERE
id='$id'";

                                $result = mysql_query($query, $default);

                                $row = mysql_fetch_array($result);

                                $new = $row['downloads'] + 1;

                                $query = "UPDATE files SET downloads='$new'
WHERE id='$id'";

                                $result = mysql_query($query, $default);

                                

                                $type = $row["ftype"];

                                $name = $row["fname"];

                                $size = $row["fsize"];

                                $id = $row["id"];

                                $data = urldecode($row["fdata"]);

                                

                                header("Content-type: $type");

                                header("Content-length: $size");

                                header("Content-Disposition: attachment;
filename=$name");

                                header("Content-Description: PHP Generated
Data");

                                

                                echo $data;

                                exit();

                }

?>

 

 

Thanks,

Stephen Craton

HYPERLINK "http://www.melchior.us"http://www.melchior.us -- HYPERLINK
"http://www.melchior.us/portfolio"http://www.melchior.us/portfolio

 

 


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.532 / Virus Database: 326 - Release Date: 10/27/2003
 

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to