0

Hello everyone,

I want to download an image which was uploaded from the database

Here is my HTML codes for the download link

<a href='download.php?id=<?php echo $data["LRCard"]; ?>'>Download</a>

and here is my download.php code

<?php
include 'Connect.php';
  mysql_select_db("student");
  $id = $_GET['id'];
  $student_id = htmlentities($_REQUEST['id'], ENT_QUOTES);
  $result = mysql_query("SELECT LRCard FROM student_information where student_id='$_GET[id]'");
if(mysql_num_rows($result) == 1) {
$fileType = @mysql_result($result, 0, "LRCard");
$fileContent = @mysql_result($result, 0, "LRCard");
header("Content-type: $fileType");
echo $fileContent;
}else{
echo "Record doesn't exist.";
}
?>

IN this code the browser displays "Record doesn't exist."

What does it mean? Please edit my codes.

6
Contributors
14
Replies
81
Views
3 Years
Discussion Span
Last Post by hanspeare
Featured Replies
  • 1
    diafol 3,720   3 Years Ago

    In addition never place input values (GET, POST etc) directly into a query. In your case, you need to use an escaping function, but preferably use mysqli or PDO prepared statements with binding parameters. mysql_* functions have been deprecated - so don't use them. Read More

0

On line 6 you must enclose the associative index in quotes. Consequently you have to change the code for the query slightly, like:

mysql_query("SELECT LRCard FROM student_information where student_id='" . $_GET['id'] . "'");

or:

mysql_query("SELECT LRCard FROM student_information where student_id='{$_GET['id']}'");
1

In addition never place input values (GET, POST etc) directly into a query. In your case, you need to use an escaping function, but preferably use mysqli or PDO prepared statements with binding parameters.

mysql_* functions have been deprecated - so don't use them.

0

hello friends,

to Broj1: I have followed your codes and this is now the revised one.

 $result = mysql_query("SELECT LRCard FROM student_information where student_id='{$_GET['id']}'");

But still no luck and doesn't change at all.

to moderator Diafol:

mysql_* functions have been deprecated - so don't use them.

Is there any way i could change this version to new one like mysqli or PDO? I suspect this maybe one of the reason my download.php won't work.

0

I suspect this maybe one of the reason my download.php won't work.

No it'll still work - for now - but we've moved on to pastures new.

Here's a PDO version...

if(isset($_GET['id']) && is_int($_GET['id'])) //assuming id should be an integer
{
    $db = new PDO('mysql:dbname=student;host=localhost','#username#','#password#');

    $stmt = $db->prepare("SELECT LRCard FROM student_information where student_id=:id LIMIT 1");
    $stmt->execute(array(':id', $_GET['id']));

    if($stmt->rowCount())
    {
        //this doesn't make much sense to me
        //why is the content the same as the
        //content type?
        $content = $stmt->fetchColumn();
        header("Content-type: $content");
        echo $content;
        exit;   
    }
}

echo "Record doesn't exist.";

I really don't understand the $content context - is this right??

0

Hello Diafol,

Im not really sure of the $content so i decided to eliminate it.
I have also followed your advise,,(all of it, except $content) but still it notifies
"record doesnt exist"

HOw bout seeing my link

<a href='download.php?id=<?php echo $data["LRCard"]; ?>'>Download</a>

The image is stored in xammp/htdocs/a/LRCard.

Do you think there is mistake in it? Please advise.

0

HOw bout seeing my link
<a href='download.php?id=<?php echo $data["LRCard"]; ?>'>Download</a>
The image is stored in xammp/htdocs/a/LRCard.
Do you think there is mistake in it? Please advise.

Not sure if I understand. Are you asking me to check the link (which is impossible) or something else?

0

hello diafol..

nope.. i just want to ask your expertise if my codes created the link is right.

and if this is right:

<a href='download.php?id=<?php echo $data["LRCard"]; ?>'>Download</a>

and most probably the problem is in my download.php

0

It looks OK - if you want to pass the $data["LRCard"] value the $_GET['id'] superglobal in your download.php file.

I would suggest that if there are any restrictions about which files can be downloaded by certain users, then ensure that you check this against user permissions before you allow the download.

0

Hello diafol,

I had the honor to copy the download.php codes you've shown me above. I wonder how we can value the $_GET['id']

Please advise.

0

Have your tryied in the PHPmyadmin the query works there?

ALso i like to say try publishing the link in text more first then check if it getting displayed or not. IF yes than it need modifcation as suggested by diafol

0

Had a quick look at it and one of the videos. Seems to be a nice piece of work but haven't figured out why would it be better to use than PDO. Nevertheless, let's not steal hanspeares thread. Hopefully I'll find some more time to test your class sometime in near future.

0

I'm often asked if MySQL can be used to store images - in other words as an image library. Yes, it can; you'll store the data using a "blob" type (longblob if the image might exceed 64k) and you need to ensure that the four characters " ' \ and null are encoded to that they don't cause the SQL statements any problems. Once you're aware of that, it shouldn't be any great problem.

Edited by happygeek: spam link deleted

0

hello everyone, out of much desperation using the same link code, i modify my codes in download.php

<?php
if(isset($_GET['id']) && is_int($_GET['id']))
//database connection
include 'Connect.php';
    $LRCardname= "";
    $student_id = htmlentities($_REQUEST['id'], ENT_QUOTES);
    $query = "SELECT LRCard from student_information where student_id = '$student_id'";
    $result = mysql_query($query) or die('Error, query failed');
if(mysql_num_rows($result) == 0)
{
echo "Database is empty <br>";
}
else{
while(list($id, $student_id) = mysql_fetch_array($result))
{
?>
<?php 
}}
mysql_close();
?>
<?php
if(isset($_GET['id'])) {
// if id is set then get the file with the id from database
include 'Connect.php';
     $id    = $_GET['id'];
     $query = $query = "SELECT * from student_information where student_id = '$student_id'";
     $result = mysql_query($query) or die('Error, query failed');
list($name, $type, $size, $content) = mysql_fetch_array($result);
header("Content-length: $size");
header("Content-type: $type");
header("Content-Disposition: attachment; filename=$student_id");
ob_clean();
flush();
echo $content;
mysql_close();
exit;
}
?>

THis code displays the browser with

Error, query failed

i just hope im closer to the truth in these :-)

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.