mysql - Upload, View PDF in PHP
So I am working on an upload and view file site. It seems images and txt files are ready to view, but PDF and Word documents don't show. Can anyone tell me how to change this so I can view PDF and Word docs in the browser?
Here is upload.php:
<?php
include_once 'dbconfig.php';

if (isset($_POST['btn-upload'])) {
    $file      = rand(1000, 100000) . "-" . $_FILES['file']['name'];
    $file_loc  = $_FILES['file']['tmp_name'];
    $file_size = $_FILES['file']['size'];
    $file_type = $_FILES['file']['type'];
    $folder    = "uploads/";

    // new file size in KB
    $new_size = $file_size / 1024;

    // make file name in lower case
    $new_file_name = strtolower($file);

    $final_file = str_replace(' ', '-', $new_file_name);

    if (move_uploaded_file($file_loc, $folder . $final_file)) {
        $sql = "INSERT INTO tbl_files(file,type,size) VALUES('$final_file','$file_type','$new_size')";
        mysql_query($sql);
        ?>
        <script>
        alert('successfully uploaded');
        window.location.href='index.php?success';
        </script>
        <?php
    } else {
        ?>
        <script>
        alert('error while uploading file');
        window.location.href='index.php?fail';
        </script>
        <?php
    }
}
?>
And here is view.php (updated, working):
<?php
$file = 'uploads/.pdf';
$filename = 'yolo.pdf';

header('Content-Type: application/pdf');
header('Content-Disposition: inline; filename="' . $filename . '"');
header('Content-Transfer-Encoding: binary');
header('Accept-Ranges: bytes');
@readfile($file);
?>
I need to be able to view the PDF without having to have a specific name in the code: $filename = 'yolo.pdf';
I have a list of PDF files that users can see. Is it possible, when clicking a view button, to read the id of the PDF file in the database and store it in a variable that is placed in the code? That way PHP can view a specific file without having to change the code for every file...
I know this may sound like a slightly confusing question, so to say.
First, add a numeric auto-incrementing id to the table:
ALTER TABLE `tbl_files`
    ADD `id` INT NOT NULL AUTO_INCREMENT FIRST,
    ADD PRIMARY KEY (`id`);
Then, instead of generating a random number with rand(1000,100000), use the automatically generated id for the file name. You get the id after the insert with mysql_insert_id:
upload.php
// [snip]

// fetch the original file extension
$extension = pathinfo($final_file, PATHINFO_EXTENSION);
$allowedextensions = ["jpg", "jpeg", "png", "gif", "pdf", "doc", "docx"];

// check if the file extension is allowed
if (! in_array($extension, $allowedextensions)) {
    // report error and abort
}

// use a transaction to roll back the insert
// in case move_uploaded_file fails
mysql_query("begin");

// insert the file into the database
$sql = "INSERT INTO tbl_files(file,type,size) VALUES('"
     . mysql_real_escape_string($final_file) . "','"
     . mysql_real_escape_string($file_type) . "','"
     . mysql_real_escape_string($new_size) . "')";
mysql_query($sql);

// fetch the generated id
$id = mysql_insert_id();

// move the file to $folder and rename it to "$id.$extension"
$filemoved = move_uploaded_file($file_loc, $folder . $id . "." . $extension);

if ($filemoved)
    mysql_query("commit");
else
    // deletes the file entry from the db
    mysql_query("rollback");
I took the time to add escaping to the insert in order to prevent SQL injection. If you can, you shouldn't use the old mysql interface anymore and should instead switch to PDO and prepared statements.
Serve the files using the id: view.php?id=1337
<?php
$id = filter_input(INPUT_GET, "id", FILTER_VALIDATE_INT);
if (! $id) {
    header("HTTP/1.1 400 Bad Request");
    exit; // stop here, otherwise the query below still runs
}

// $id is of type int here, no SQL injection possible
$result = mysql_query("SELECT * FROM tbl_files WHERE id = " . $id);

// a query that matches no row still returns a result, so test the fetched row
$file = $result ? mysql_fetch_assoc($result) : false;
if (! $file) {
    header("HTTP/1.0 404 Not Found");
    exit;
}

// fetch the original file extension, or store it in the database
$extension = pathinfo($file["file"], PATHINFO_EXTENSION);

header('Content-Type: application/pdf');
header('Content-Disposition: inline; filename="' . $file["file"] . '"');
header('Content-Transfer-Encoding: binary');
header('Accept-Ranges: bytes');
@readfile("uploads/$id.$extension");
?>
If direct access to the files is possible, you should use it for performance reasons:
// [snip]

// fetch the original file extension, or store it in the database
$extension = pathinfo($file["file"], PATHINFO_EXTENSION);

// relocate to the PDF file to have apache/nginx/whatever
// serve the file instead of the PHP interpreter
header("Location: uploads/$id.$extension");
For other readers: if you don't want to grant direct access but still care about performance, you can use X-Sendfile to serve the files. nginx provides this feature natively. For Apache there is a module, which sadly doesn't come shipped.
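An added example (not code from the thread) of the PDO prepared-statement approach the answer recommends, applied to the view.php lookup. The `resolve_upload` helper, the extension-to-MIME map and the in-memory SQLite demo rows are assumptions made for illustration; the table and file layout follow the answer.

```php
<?php
// Added example, not code from the thread. Assumes tbl_files(id, file) and
// files stored on disk as uploads/<id>.<ext>, as in the answer above.
const MIME_BY_EXT = [
    'pdf'  => 'application/pdf',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
    'doc'  => 'application/msword',
    'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
];

// Hypothetical helper: returns [path, mime, name] or an HTTP status code (int).
function resolve_upload(PDO $db, $rawId, string $dir)
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 400;                       // not a positive integer
    }
    // Prepared statement: the id is bound, never concatenated into the SQL.
    $stmt = $db->prepare('SELECT file FROM tbl_files WHERE id = ?');
    $stmt->execute([$id]);
    $name = $stmt->fetchColumn();
    if ($name === false) {
        return 404;                       // no such row
    }
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    $mime = MIME_BY_EXT[$ext] ?? null;
    if ($mime === null) {
        return 404;                       // extension not on the allowlist
    }
    // The path uses only the integer id and an allowlisted extension.
    return ["$dir/$id.$ext", $mime, basename($name)];
}

// Constructed demo rows in in-memory SQLite; with MySQL only the DSN changes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl_files (id INTEGER PRIMARY KEY, file TEXT)');
$ins = $db->prepare('INSERT INTO tbl_files (file) VALUES (?)');
foreach (['1234-report.pdf', '77-notes.html'] as $n) {
    $ins->execute([$n]);
}
foreach (['1', '2', '1 OR 1=1', '99'] as $raw) {
    $r = resolve_upload($db, $raw, 'uploads');
    echo str_pad($raw, 10), is_int($r) ? "HTTP $r" : implode(' | ', $r), "\n";
}
```

In view.php, send the returned MIME type as `Content-Type` together with `X-Content-Type-Options: nosniff` and pass the returned path to `readfile()`; an integer result becomes the response status via `http_response_code()`.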
Fix (final script):
<?php
include_once 'config_db.php';

if (isset($_POST['btn-upload'])) {
    $allowedextensions = ["jpg", "jpeg", "png", "gif", "pdf", "doc", "docx"];

    // $id does not exist before the insert, so the stored name is the original name
    $file      = $_FILES['file']['name'];
    $file_loc  = $_FILES['file']['tmp_name'];
    $file_size = $_FILES['file']['size'];
    $file_type = $_FILES['file']['type'];
    $folder    = "uploads/";

    // new file size in KB
    $new_size = $file_size / 1024;

    // make file name in lower case
    $new_file_name = strtolower($file);

    $final_file = str_replace(' ', '-', $new_file_name);
    $extension  = pathinfo($final_file, PATHINFO_EXTENSION);

    // check if the file extension is allowed
    if (! in_array($extension, $allowedextensions)) {
        // report error and abort
        echo "<script>",
             "alert('invalid file extension');",
             "window.location.href='index.php?fail'",
             "</script>";
    } else {
        // open the transaction that the commit/rollback below closes
        mysql_query("begin");

        $sql = "INSERT INTO tbl_ficheiros(file,type,size) VALUES('"
             . mysql_real_escape_string($final_file) . "','"
             . mysql_real_escape_string($file_type) . "','"
             . mysql_real_escape_string($new_size) . "')";
        mysql_query($sql);

        // fetch the generated id
        $id = mysql_insert_id();

        // move the file to $folder and rename it to "$id.$extension"
        $filemoved = move_uploaded_file($file_loc, $folder . $id . "." . $extension);

        if ($filemoved) {
            mysql_query("commit");
            echo "<script>",
                 "alert('successfully uploaded');",
                 "window.location.href='index.php?success'",
                 "</script>";
        } else {
            // deletes the file entry from the db
            mysql_query("rollback");
            echo "<script>",
                 "alert('error while uploading file');",
                 "window.location.href='index.php?fail'",
                 "</script>";
        }
    }
}
?>