PHP Upload Script - Files uploaded Corrupt

Lauri lauri at ruja.ee
Sat Aug 19 19:27:57 UTC 2006


> On 8/17/06, *Ed K.* <ed at hp.uab.edu <mailto:ed at hp.uab.edu>> wrote:
> 
>     On Wed, 16 Aug 2006, Matthew Benjamin wrote:
>      >
>      > Can anyone help? I have a PHP script that uploads files to a MySQL
>      > database. When it uploads the files, all of the content in the file
>      > gets corrupted. Has anyone experienced this? I know I can't be the
>      > first person with the problem. -- Help!!!  Please.
>      >
> 
>     Are you escaping the data from the file?
> 
>     here would be a working php script:
> 
>            $fp=fopen($addfile,"rb");   // binary-safe read
>            $bvar=fread($fp,filesize($addfile));
>            fclose($fp);
>            // escape for the current connection's character set
>            $bvar=mysql_real_escape_string($bvar);
>            $q="insert into table (file) values ('$bvar')";
> 
>     ed
> 

...

-----

<form enctype="multipart/form-data" action="" method="POST">
     <!-- MAX_FILE_SIZE must precede the file input field -->
     <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
     <!-- Name of input element determines name in $_FILES array -->
     Send this file: <input name="userfile" type="file" />
     <input type="submit" value="Send File" />
</form>


<?php
if (!empty($_FILES['userfile']) && $_FILES['userfile']['error'] === UPLOAD_ERR_OK)
{
   // make dir for the file and move it there
   // (0700 instead of 0777: only the web server user needs access)
   @mkdir('./temp', 0700);
   // server-chosen name with no extension, so the upload cannot be
   // requested as a script while it sits in the temp directory
   $path = './temp/' . sha1_file($_FILES['userfile']['tmp_name']);
   if (!move_uploaded_file($_FILES['userfile']['tmp_name'], $path)) {
      die('The upload failed!<br />');
   }

   // read the file and put it to the DB; use base64, <http://php.net/base64_encode>
   mysql_query("INSERT INTO table VALUES(0, 'a', 'b', 'c', '" . base64_encode(file_get_contents($path)) . "')");

   // delete the source file and temp directory
   unlink($path);
   rmdir('./temp');

   echo 'The file was successfully uploaded!<br />';
}
?>

-----

But why do you want to use a database for the files? To prevent
unauthorized downloading, you can disallow access to the files and
send them to the user via PHP; see the comments of <http://php.net/header>.

Lauri
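
The approach in the closing paragraph of the message above (block direct access, hand the file out through PHP), as an added example that is not part of the original post. It assumes the files are kept in a hypothetical directory outside the document root and that the application's own login code sets $_SESSION['user_id']; both names are placeholders.

```php
<?php
// Added example, not from the original post. Assumptions: files live in
// STORAGE_DIR outside the document root, and the application's login code
// sets $_SESSION['user_id'].
const STORAGE_DIR = '/var/lib/myapp/uploads';   // hypothetical path

// Map a client-supplied name to a file inside $baseDir, or return null.
function resolve_download(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    // basename() drops directory components; realpath() resolves symlinks and ".."
    $path = realpath($baseDir . '/' . basename($requested));
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // The resolved path must still be under the storage directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

function send_download(string $path): void
{
    // Keep only safe characters in the name offered to the browser.
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($path));
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $name . '"');
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);   // streams the bytes unchanged, so binary files stay intact
}

session_start();
if (empty($_SESSION['user_id'])) {          // not logged in: refuse
    http_response_code(403);
    exit('Forbidden');
}
$requested = $_GET['file'] ?? '';
$path = resolve_download(STORAGE_DIR, is_string($requested) ? $requested : '');
if ($path === null) {                       // unknown name or path escape attempt
    http_response_code(404);
    exit('Not found');
}
send_download($path);
```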



