Uploading files into a MySQL database using PHP

  • Slaxer13
    New Member
    • Jun 2014
    • 106

    Also I tried to do a delete.php but it isn't working.

    Code:
    <?php
    include_once 'config_db.php';
    if(isset($_GET['remove_id']))
    {
    	$res=mysql_query("SELECT file FROM tbl_ficheiros WHERE id=".$_GET['remove_id']);
    	$row=mysql_fetch_array($res);
    	mysql_query("DELETE FROM tbl_ficheiros WHERE id=".$_GET['remove_id']);
    }
    ?>
    Can someone tell me what's wrong?


    • Atli
      Recognized Expert Expert
      • Nov 2006
      • 5062

      If the link is directing you to a "get_file.php", then that's what your list code must be printing into the anchor tag. PHP doesn't have a mind of its own; it just does what you tell it to do.

      Consider what would happen if I were to go to this URL, given the above delete script:
      Code:
      example.com/delete.php?remove_id=0+OR+TRUE
      The SQL query would come out looking like:
      Code:
      DELETE FROM tbl_ficheiros WHERE id=0 OR TRUE
      Which would result in your entire file table being deleted. (Look up SQL Injection)

      I'm also not sure how you used my example code, but my examples use the MySQLi extension, whereas your delete script is using the obsolete MySQL functions. Those don't mix; if your config file only opens a MySQLi connection, your legacy MySQL calls won't work.

      Comment
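
Added example, not part of the original posts: the concatenated DELETE from the delete script next to a validated, parameterised version, both run against the `remove_id` value from the post above. It assumes the pdo_sqlite extension and uses an in-memory SQLite table as a stand-in for MySQL so it runs without a server; the function names and sample rows are made up for illustration.

```php
<?php
// Added example: SQLite in-memory stands in for MySQL so this runs without a server.
// Table and column names follow the thread; the rows are constructed sample data.

function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE tbl_ficheiros (id INTEGER PRIMARY KEY, file TEXT)');
    $db->exec("INSERT INTO tbl_ficheiros (file) VALUES ('a.pdf'), ('b.pdf'), ('c.pdf')");
    return $db;
}

// Same pattern as the delete script in the thread: the parameter is pasted into the SQL text.
function deleteConcatenated(PDO $db, string $removeId): int {
    return $db->exec('DELETE FROM tbl_ficheiros WHERE id=' . $removeId);
}

// Hardened: reject anything that is not a positive integer, then bind it as a
// parameter so the value is never parsed as SQL.
function deletePrepared(PDO $db, string $removeId): int {
    $id = filter_var($removeId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 0; // invalid id: nothing is sent to the database
    }
    $stmt = $db->prepare('DELETE FROM tbl_ficheiros WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$payload = '0 OR TRUE'; // decoded form of remove_id=0+OR+TRUE from the thread

$db = makeDb();
printf("concatenated, '%s': %d rows deleted\n", $payload, deleteConcatenated($db, $payload));

$db = makeDb();
printf("prepared, '%s': %d rows deleted\n", $payload, deletePrepared($db, $payload));
printf("prepared, '2': %d rows deleted\n", deletePrepared($db, '2'));
```

With the MySQLi extension the same fix is `$dbLink->prepare()` with a `?` placeholder followed by `bind_param('i', $id)`.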

      • computerfox
        Contributor
        • Mar 2010
        • 276

        I agree with those that are saying that this is a really bad idea. I tried this before and it's not worth dealing with the raw data when displaying the images as there is a very high chance of data corruption. It also fills up the database with unnecessary data. Normally when dealing with media, you would keep information and statistics of a file in the database such as the name, URL, type, and how many times it was viewed/downloaded. But then you would have a directory for the actual file with a randomly generated name to prevent overwriting the file.


        • Atli
          Recognized Expert Expert
          • Nov 2006
          • 5062

          Agreed, thus the rather lengthy discussion on that in the intro to the article.

          However, what makes you say there is a "very high chance" of data corruption? There are definitely downsides to storing binary data in an RDBMS, but that specific issue has never been a major one in my experience. (Barring charset issues and such, which would mess with all data, not just binary.)


          • rens
            New Member
            • Mar 2016
            • 1

            Hi admin,
            I have a question. I followed the code above and it works fine for me. The problem is that when I download it, I can't view it as letters; it is already converted to a binary file. What should I do? Please help me. I'm from the Philippines.


            • yousher
              New Member
              • Aug 2016
              • 1

              Hi,

              Your code was useful, but it displays records 1 (one) at a time. What if I have many records to be inserted and displayed in the database? Can you please help me?

              Thank you
              Philippines


              • shruthi gs
                New Member
                • Aug 2016
                • 2

                How can we change this code to upload only PDF and DOCX files?


                • Love468
                  New Member
                  • Nov 2018
                  • 1

                  How can we display this attached file? Please can you share the code?


                  • Avengg
                    New Member
                    • Feb 2019
                    • 1

                    Hello. I'm a beginner and I want to ask. When I download a file from the database, the file is empty. I need help.


                    • bakertaylor28
                      New Member
                      • Feb 2021
                      • 45

                      As a matter of policy we want to be using the die() function to end the script when dealing with SQL applications and the situation calls for error or exception handling, therefore:

                      Code:
                      else {
                                  echo 'Error! Failed to insert the file'
                                     . "<pre>{$dbLink->error}</pre>";
                              }
                      Should be:

                      Code:
                      else {
                              die("Error:Failed to insert the file");
                              }
                      The reason why we want to do this is because by killing the script with the die() function, we help prevent code injection by ending the script as soon as possible after an exception is encountered in the event that an injection targets some other security vulnerability in the code.
                      Last edited by bakertaylor28; Feb 26 '23, 08:18 PM. Reason: clarification


                      • xeamcopz
                        New Member
                        • Mar 2023
                        • 2

                        I am new to using MySQL and PHP. I tried to follow the example and everything works fine, but when I try to download a file, I get the following error message:
                        Error! Query failed:
                        Table 'FileStorage.fileStorage' doesn't exist


                        • xeamcopz
                          New Member
                          • Mar 2023
                          • 2

                          I hope this has been helpful, and I wish you all the best.
                          Last edited by numberwhun; Dec 13 '23, 12:33 AM. Reason: removed spam links
