0

Hello all,

First off, I am not here to debate the merit of storing PDF as a blob in MySQL. I know this is not optimal solution, but this is the requirement that I have to work with.

The upload appears to be successful, (Field in the database is filled with binary data) but when we try to retrieve the data, we get an error message saying the file is corrupt or damaged. Here is some relevant code:

function validate () {
$validated = 0;
if ($_FILES && $_FILES['resume']['name']) {
    $file_info = pathinfo($_FILES['resume']['name']);

    if (in_array(strtolower($file_info['extension']), $extensions)) { //Extensions is an array containing the acceptable extensions for uploaded file.
        $validated = 1;
    }
}
if ($validated) {
                $tmpName = $_FILES['resume']['tmp_name'];

                // Sanitize the file entry and slurp
                $fp = fopen ($tmpName, 'r');
                $content = fread($fp, filesize($tmpName));
                $content = addslashes ($content);
                $data = array ("type" => $_FILES['resume']['type'], "content" => $content, "name" => $_FILES['resume']['name'], "size" => $_FILES['resume']['size']);
                return $data;
}
        else {
                die ("Invalid file type!");
        }
}

$file = validate();
$file_type = $file['type'];
$file_data = $file['content'];
$file_name = $file['name'];
$file_size = $file['size'];

try {
        //These variables are getting set correctly.
        $link = new PDO ("$driver:host=$host;dbname=$dbname", $user, $password);
}
catch (PDOException $pe) {
        die ($pe->getMessage());
}

$stmt6 = $link->prepare ("INSERT INTO fileInformation
                (id, data, type, name, size) VALUES (:id, :rdata, :rtype, :rname, :rsize)");

$stmt6->bindParam (':id', $id); //ID is set correctly from a previous statement
$stmt6->bindParam (':rdata', $file_data, PDO::PARAM_LOB);
$stmt6->bindParam (':rtype', $file_type);
$stmt6->bindParam (':rname', $file_name);
$stmt6->bindParam (':rsize', $file_size);

$stmt6->execute();

Here is relevant code from our retrieval script:

$sql = "SELECT * FROM fileInformation
            WHERE fileInformation.id = ".$id; //ID is correctly set above.  Database connection information is correct. 

$result = mysql_query($sql);

// If the query was invalid or failed to return a result, an error is thrown

if(!$result || !mysql_num_rows($result)){
    echo "Invalid file chosen.";
    exit;
}


$curr_file = mysql_fetch_assoc($result);

$size = $curr_file['size'];
$type = $curr_file['type'];
$name = $curr_file['name'];
$content = $curr_file['data'];

header("Content-length: ".$size."");
header("Content-type: application/pdf");
header('Content-Disposition: attachment; filename="'.$name.'"');
echo $content;

Thank you for any help you can provide.

EDIT: Here is relevant table information:

CREATE TABLE `fileInformation` (
  `id` int(13) NOT NULL,
  `data` mediumblob NOT NULL,
  `type` varchar(255) NOT NULL,
  `name` varchar(40) NOT NULL,
  `size` varchar(45) NOT NULL,
  PRIMARY KEY (`id`),
  CONSTRAINT `fileInformation_ibfk_1` FOREIGN KEY (`id`) REFERENCES `basicInformation` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

Edited by ItecKid: n/a

2
Contributors
1
Reply
5
Views
5 Years
Discussion Span
Last Post by cereal
1

Change addslashes() with mysql_real_escape_string() at line 16.
But you should also move file somewhere else with move_uploaded_file() and check for mime-type match. Bye.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.