PHP/MySql: Storing PDF in Blob

Question

ItecKid 0 Junior Poster in Training

12 Years Ago

Hello all,

First off, I am not here to debate the merit of storing PDF as a blob in MySQL. I know this is not optimal solution, but this is the requirement that I have to work with.

The upload appears to be successful, (Field in the database is filled with binary data) but when we try to retrieve the data, we get an error message saying the file is corrupt or damaged. Here is some relevant code:

function validate () {
$validated = 0;
if ($_FILES && $_FILES['resume']['name']) {
    $file_info = pathinfo($_FILES['resume']['name']);

    if (in_array(strtolower($file_info['extension']), $extensions)) { //Extensions is an array containing the acceptable extensions for uploaded file.
        $validated = 1;
    }
}
if ($validated) {
                $tmpName = $_FILES['resume']['tmp_name'];

                // Sanitize the file entry and slurp
                $fp = fopen ($tmpName, 'r');
                $content = fread($fp, filesize($tmpName));
                $content = addslashes ($content);
                $data = array ("type" => $_FILES['resume']['type'], "content" => $content, "name" => $_FILES['resume']['name'], "size" => $_FILES['resume']['size']);
                return $data;
}
        else {
                die ("Invalid file type!");
        }
}

$file = validate();
$file_type = $file['type'];
$file_data = $file['content'];
$file_name = $file['name'];
$file_size = $file['size'];

try {
        //These variables are getting set correctly.
        $link = new PDO ("$driver:host=$host;dbname=$dbname", $user, $password);
}
catch (PDOException $pe) {
        die ($pe->getMessage());
}

$stmt6 = $link->prepare ("INSERT INTO fileInformation
                (id, data, type, name, size) VALUES (:id, :rdata, :rtype, :rname, :rsize)");

$stmt6->bindParam (':id', $id); //ID is set correctly from a previous statement
$stmt6->bindParam (':rdata', $file_data, PDO::PARAM_LOB);
$stmt6->bindParam (':rtype', $file_type);
$stmt6->bindParam (':rname', $file_name);
$stmt6->bindParam (':rsize', $file_size);

$stmt6->execute();

Here is relevant code from our retrieval script:

$sql = "SELECT * FROM fileInformation
            WHERE fileInformation.id = ".$id; //ID is correctly set above.  Database connection information is correct. 

$result = mysql_query($sql);

// If the query was invalid or failed to return a result, an error is thrown

if(!$result || !mysql_num_rows($result)){
    echo "Invalid file chosen.";
    exit;
}


$curr_file = mysql_fetch_assoc($result);

$size = $curr_file['size'];
$type = $curr_file['type'];
$name = $curr_file['name'];
$content = $curr_file['data'];

header("Content-length: ".$size."");
header("Content-type: application/pdf");
header('Content-Disposition: attachment; filename="'.$name.'"');
echo $content;

Thank you for any help you can provide.

EDIT: Here is relevant table information:

CREATE TABLE `fileInformation` (
  `id` int(13) NOT NULL,
  `data` mediumblob NOT NULL,
  `type` varchar(255) NOT NULL,
  `name` varchar(40) NOT NULL,
  `size` varchar(45) NOT NULL,
  PRIMARY KEY (`id`),
  CONSTRAINT `fileInformation_ibfk_1` FOREIGN KEY (`id`) REFERENCES `basicInformation` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

php

Edited 12 Years Ago by ItecKid because: n/a

2 Contributors
1 Reply
2K Views
7 Hours Discussion Span
Latest Post 12 Years Ago Latest Post by cereal

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

cereal 1,524 Nearly a Senior Poster Featured Poster · Answer 1 · 2012-01-17T23:07:29+00:00

Change addslashes() with mysql_real_escape_string() at line 16.
But you should also move file somewhere else with move_uploaded_file() and check for mime-type match. Bye.