PHP and Mysql blob download problem

#1
welton122

Posted 19 September 2010 - 11:42 AM

Learning Programmer

Members
76 posts

hi all,

i am working on an area of my site whereby users can download documents. These documents are stored in a Mysql database (in a BLOB cell). I though i had done it but then i found that the files coming back (when i download then) was actually the page the users was on (the page from my site). Can anyone help me with this please??

Heres my code:

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html>


<head>

	<title>Jake Welton</title>	

	<link rel="stylesheet" href="style.css" type="text/css" media="screen" />

	<meta http-equiv="content-type" content="text/html; charset=utf-8" />	

</head>


<body>


	<?php


	require_once('header.php');

	

	if (isset($_POST['delete'])) {

	

	$id = $_POST['delete'];

	

	$q = "DELETE FROM uploads WHERE id=$id LIMIT 1";		

	$r = mysqli_query ($dbc, $q);

		if (mysqli_affected_rows($dbc) == 1) { // If it ran OK.

		

			// Print a message:

			echo '<h1 style="text-align: center;"><br><br>File deleted</h1>

			<meta http-equiv="refresh" content="1; URL=mydocs.php">

			';	

		

		} else { // If the query did not run OK.

			echo '<br><br><h1 style="text-align: center;">System error</h1>

	<p style="text-align: center;" class="error">The file could not be deleted from your mydocs. We apologize for any incovenience.</p>'; // Public message.

		}

	

	}

	

	if(isset($_POST['unq_id'])) 

	{

	

	$download_id = $_POST['unq_id'];

	

	$q = "SELECT * FROM uploads WHERE id=$download_id";

	

	$result = mysqli_query($dbc, $q);

	

	while ($row = $result->fetch_assoc()) { 

	$size = $row['size'];

	$name = $row['name'];

	$type = $row['type'];

	$content = $row['content'];

	}

	

	header("Content-length: $size");

	header("Content-type: $type");

	header("Content-Disposition: attachment; filename=$name");

	echo $content;

	}

	


	// prepare the query 

	$q = "SELECT id, name FROM uploads WHERE user_id='$userid'"; 


	// run the query 

	$result = mysqli_query($dbc, $q); 


	// check if the query has brought back a result 

	if($result) { 

	{ 

	echo "<table border=\"0\" width=\"700\" class=\"mydocs_table\" cellspacing=\"2\" cellpadding=\"0\"><br>";

	while ($row = $result->fetch_assoc()) {

	$id = $row['id'];

	$name = $row['name'];

	

	echo "

	<tr><td width=\"350\" align=\"middle\"> 

	$name       

    </td><td align=\"center\"> 

    <form action=\"mydocs.php\" method=\"POST\"> 

    <input style=\"font-family:Arial, Helvetica, sans-serif;color:#6294A8;font-size:12px; height: 25px; width: 100px\" type=\"submit\" name=\"download\" value=\"Download\"> 

    <input type=\"hidden\" name=\"unq_id\" value=\"$id\"> 

    </form>

    </td>

	<td>

	<form action=\"mydocs.php\" method=\"POST\">

	<input style=\"font-family:Arial, Helvetica, sans-serif;color:#6294A8;font-size:12px; height: 25px; width: 100px\" type=\"submit\" name=\"delete\" value=\"Delete\"> 

    <input type=\"hidden\" name=\"delete\" value=\"$id\">

	</form>

	</td>

	</tr>

	";

	}

	}

	} else {

	echo "No uploads";

	}

	?>

	

</body>


</html>

Many Thanks,
Welton122

#2
Alexander

Posted 19 September 2010 - 01:49 PM

It's Science!

Moderators
4,124 posts

You are sending data before and after the content disposition headers, you cannot echo content to the client if you are doing this on the same page.

You must either put the PHP script to the top, and apply exit(); after sending the headers, or separate the script into two pieces, one to display and one to handle the transfer.

Be sure to read the updated FAQ! || Health is achieved through the same 10,000 steps.
If a suggested code/method fails, informing us is less important than telling us why or what errors occurred.

#3
welton122

Posted 19 September 2010 - 10:14 PM

Learning Programmer

Members
76 posts

thanks for the response but i am a little unsure on how to fix this, would it be possible for you to give me an example?

Thanks

#4
Alexander

Posted 19 September 2010 - 10:43 PM

It's Science!

Moderators
4,124 posts

I am not able to test it, but this should properly send the BLOB content if $_POST['unq_id'] is set, because it will not echo anything the browser, just exit.

You can take out the whole "unq_id" block and place it in a another PHP file, and send them a link to it, to download the BLOB data, this would be the simpler way.

You just shouldn't have header() and echo in the same script.

<?php
if(isset($_POST['unq_id'])) 
    {
    
    $download_id = $_POST['unq_id'];
    
    $q = "SELECT * FROM uploads WHERE id=$download_id";
    
    $result = mysqli_query($dbc, $q);
    
    while ($row = $result->fetch_assoc()) { 
    $size = $row['size'];
    $name = $row['name'];
    $type = $row['type'];
    $content = $row['content'];
    }
    
    header("Content-length: $size");
    header("Content-type: $type");
    header("Content-Disposition: attachment; filename=$name");
    echo $content;
    exit;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>

<head>
    <title>Jake Welton</title>    
    <link rel="stylesheet" href="style.css" type="text/css" media="screen" />
    <meta http-equiv="content-type" content="text/html; charset=utf-8" />    
</head>

<body>

    <?php

    require_once('header.php');
    
    if (isset($_POST['delete'])) {
    
    $id = $_POST['delete'];
    
    $q = "DELETE FROM uploads WHERE id=$id LIMIT 1";        
    $r = mysqli_query ($dbc, $q);
        if (mysqli_affected_rows($dbc) == 1) { // If it ran OK.
        
            // Print a message:
            echo '<h1 style="text-align: center;"><br><br>File deleted</h1>
            <meta http-equiv="refresh" content="1; URL=mydocs.php">
            ';    
        
        } else { // If the query did not run OK.
            echo '<br><br><h1 style="text-align: center;">System error</h1>
    <p style="text-align: center;" class="error">The file could not be deleted from your mydocs. We apologize for any incovenience.</p>'; // Public message.
        }
    
    }

    // prepare the query 
    $q = "SELECT id, name FROM uploads WHERE user_id='$userid'"; 

    // run the query 
    $result = mysqli_query($dbc, $q); 

    // check if the query has brought back a result 
    if($result) { 
    { 
    echo "<table border=\"0\" width=\"700\" class=\"mydocs_table\" cellspacing=\"2\" cellpadding=\"0\"><br>";
    while ($row = $result->fetch_assoc()) {
    $id = $row['id'];
    $name = $row['name'];
    
    echo "
    <tr><td width=\"350\" align=\"middle\"> 
    $name       
    </td><td align=\"center\"> 
    <form action=\"mydocs.php\" method=\"POST\"> 
    <input style=\"font-family:Arial, Helvetica, sans-serif;color:#6294A8;font-size:12px; height: 25px; width: 100px\" type=\"submit\" name=\"download\" value=\"Download\"> 
    <input type=\"hidden\" name=\"unq_id\" value=\"$id\"> 
    </form>
    </td>
    <td>
    <form action=\"mydocs.php\" method=\"POST\">
    <input style=\"font-family:Arial, Helvetica, sans-serif;color:#6294A8;font-size:12px; height: 25px; width: 100px\" type=\"submit\" name=\"delete\" value=\"Delete\"> 
    <input type=\"hidden\" name=\"delete\" value=\"$id\">
    </form>
    </td>
    </tr>
    ";
    }
    }
    } else {
    echo "No uploads";
    }
    ?>
    
</body>

</html>

Be sure to read the updated FAQ! || Health is achieved through the same 10,000 steps.
If a suggested code/method fails, informing us is less important than telling us why or what errors occurred.