download image from database

Question

hanspeare 0 Newbie Poster

10 Years Ago

Hello everyone,

I want to download an image which was uploaded from the database

Here is my HTML codes for the download link

<a href='download.php?id=<?php echo $data["LRCard"]; ?>'>Download</a>

and here is my download.php code

<?php
include 'Connect.php';
  mysql_select_db("student");
  $id = $_GET['id'];
  $student_id = htmlentities($_REQUEST['id'], ENT_QUOTES);
  $result = mysql_query("SELECT LRCard FROM student_information where student_id='$_GET[id]'");
if(mysql_num_rows($result) == 1) {
$fileType = @mysql_result($result, 0, "LRCard");
$fileContent = @mysql_result($result, 0, "LRCard");
header("Content-type: $fileType");
echo $fileContent;
}else{
echo "Record doesn't exist.";
}
?>

IN this code the browser displays "Record doesn't exist."

What does it mean? Please edit my codes.

image php

6 Contributors
14 Replies
339 Views
3 Weeks Discussion Span
Latest Post 10 Years Ago Latest Post by hanspeare

broj1 356 Humble servant

10 Years Ago

On line 6 you must enclose the associative index in quotes. Consequently you have to change the code for the query slightly, like:

mysql_query("SELECT LRCard FROM student_information where student_id='" . $_GET['id'] . "'");

or:

mysql_query("SELECT LRCard FROM student_information where student_id='{$_GET['id']}'");

diafol

10 Years Ago

In addition never place input values (GET, POST etc) directly into a query. In your case, you need to use an escaping function, but preferably use mysqli or PDO prepared statements with binding parameters.

mysql_* functions have been deprecated - so don't use them.

diafol

10 Years Ago

I suspect this maybe one of the reason my download.php won't work.

No it'll still work - for now - but we've moved on to pastures new.

Here's a PDO version...

if(isset($_GET['id']) && is_int($_GET['id'])) //assuming id should be an integer
{
    $db = new PDO('mysql:dbname=student;host=localhost','#username#','#password#');

    $stmt = $db->prepare("SELECT LRCard FROM student_information where student_id=:id LIMIT 1");
    $stmt->execute(array(':id', $_GET['id']));

    if($stmt->rowCount())
    {
        //this doesn't make much sense to me
        //why is the content the same as the
        //content type?
        $content = $stmt->fetchColumn();
        header("Content-type: $content");
        echo $content;
        exit;   
    }
}

echo "Record doesn't exist.";

I really don't understand the $content context - is this right??

diafol

10 Years Ago

HOw bout seeing my link
<a href='download.php?id=<?php echo $data["LRCard"]; ?>'>Download</a>
The image is stored in xammp/htdocs/a/LRCard.
Do you think there is mistake in it? Please advise.

Not sure if I understand. Are you asking me to check the link (which is impossible) or something else?

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

hanspeare 0 Newbie Poster · Answer 1 · 2014-05-28T08:35:29+00:00

hello friends,

to Broj1: I have followed your codes and this is now the revised one.

 $result = mysql_query("SELECT LRCard FROM student_information where student_id='{$_GET['id']}'");

But still no luck and doesn't change at all.

to moderator Diafol:

mysql_* functions have been deprecated - so don't use them.

Is there any way i could change this version to new one like mysqli or PDO? I suspect this maybe one of the reason my download.php won't work.

hanspeare 0 Newbie Poster · Answer 2 · 2014-05-30T13:15:56+00:00

Hello Diafol,

Im not really sure of the $content so i decided to eliminate it.
I have also followed your advise,,(all of it, except $content) but still it notifies
"record doesnt exist"

HOw bout seeing my link

<a href='download.php?id=<?php echo $data["LRCard"]; ?>'>Download</a>

The image is stored in xammp/htdocs/a/LRCard.

Do you think there is mistake in it? Please advise.

hanspeare 0 Newbie Poster · Answer 3 · 2014-06-01T05:10:13+00:00

hello diafol..

nope.. i just want to ask your expertise if my codes created the link is right.

and if this is right:

<a href='download.php?id=<?php echo $data["LRCard"]; ?>'>Download</a>

and most probably the problem is in my download.php

diafol · Answer 4 · 2014-06-02T10:23:42+00:00

It looks OK - if you want to pass the $data["LRCard"] value the $_GET['id'] superglobal in your download.php file.

I would suggest that if there are any restrictions about which files can be downloaded by certain users, then ensure that you check this against user permissions before you allow the download.

hanspeare 0 Newbie Poster · Answer 5 · 2014-06-10T07:37:16+00:00

Hello diafol,

I had the honor to copy the download.php codes you've shown me above. I wonder how we can value the $_GET['id']

Please advise.

shophiarajan47 0 Light Poster · Answer 6 · 2014-06-10T16:24:30+00:00

Have your tryied in the PHPmyadmin the query works there?

ALso i like to say try publishing the link in text more first then check if it getting displayed or not. IF yes than it need modifcation as suggested by diafol

andrevanzuydam 1 Junior Poster in Training Premium Member · Answer 7 · 2014-06-11T10:14:27+00:00

Hi Broj1

Please try http://sourceforge.net/projects/cdeengine/ it is a simple include and works for pretty much any database you would need. Have a look at the cdetestclass.php line 170 for an example of how to store an image or file inside the database.

broj1 356 Humble servant Featured Poster · Answer 8 · 2014-06-11T20:59:31+00:00

Had a quick look at it and one of the videos. Seems to be a nice piece of work but haven't figured out why would it be better to use than PDO. Nevertheless, let's not steal hanspeares thread. Hopefully I'll find some more time to test your class sometime in near future.

iwishit 0 Newbie Poster · Answer 9 · 2014-06-12T08:57:53+00:00

I'm often asked if MySQL can be used to store images - in other words as an image library. Yes, it can; you'll store the data using a "blob" type (longblob if the image might exceed 64k) and you need to ensure that the four characters " ' \ and null are encoded to that they don't cause the SQL statements any problems. Once you're aware of that, it shouldn't be any great problem.

hanspeare 0 Newbie Poster · Answer 10 · 2014-06-12T13:33:51+00:00

hello everyone, out of much desperation using the same link code, i modify my codes in download.php

<?php
if(isset($_GET['id']) && is_int($_GET['id']))
//database connection
include 'Connect.php';
    $LRCardname= "";
    $student_id = htmlentities($_REQUEST['id'], ENT_QUOTES);
    $query = "SELECT LRCard from student_information where student_id = '$student_id'";
    $result = mysql_query($query) or die('Error, query failed');
if(mysql_num_rows($result) == 0)
{
echo "Database is empty <br>";
}
else{
while(list($id, $student_id) = mysql_fetch_array($result))
{
?>
<?php 
}}
mysql_close();
?>
<?php
if(isset($_GET['id'])) {
// if id is set then get the file with the id from database
include 'Connect.php';
     $id    = $_GET['id'];
     $query = $query = "SELECT * from student_information where student_id = '$student_id'";
     $result = mysql_query($query) or die('Error, query failed');
list($name, $type, $size, $content) = mysql_fetch_array($result);
header("Content-length: $size");
header("Content-type: $type");
header("Content-Disposition: attachment; filename=$student_id");
ob_clean();
flush();
echo $content;
mysql_close();
exit;
}
?>

THis code displays the browser with

Error, query failed

i just hope im closer to the truth in these :-)