$result = mysqli_query($dbLink, "SELECT FileID, FileName, FileMime, FileSize, ToolNumber, Created FROM FileStorage WHERE ToolNumber = '" . mysql_real_escape_string($textfield) . "'");
$result = mysqli_query($dbLink, "SELECT FileID, FileName, FileMime, FileSize, ToolNumber, Created FROM FileStorage WHERE ToolNumber = '$textfield' ");
$result = mysqli_query($dbLink, "SELECT FileID, FileName, FileMime, FileSize, ToolNumber, Created FROM FileStorage WHERE ToolNumber = '" . mysqli_real_escape_string($textfield) . "'");
"SELECT FileID, FileName, FileMime, FileSize, ToolNumber, Created FROM FileStorage WHERE id= '$id' AND ToolNumber = '" . mysqli_real_escape_string($textfield) . "'");
mysqli_real_escape_string($textfield)
mysqli_real_escape_string($dbLink,$textfield)
if($result)
{
# Make sure there are some files in there
if(mysqli_num_rows($result) == 0) {
echo "<p>There are no files in the database</p>";
}
else
{
# Print the top of a table
echo "<table width='100%'><tr>";
echo "<td><b>Name</b></td>";
echo "<td><b>Mime</b></td>";
echo "<td><b>Size (bytes)</b></td>";
echo "<td><b>Created</b></td>";
echo "<td><b>Tool Number</b></td>";
echo "<td><b> </b></td>";
echo "</tr>";
# Print each file
while($row = mysqli_fetch_assoc($result))
{
# Print file info
echo "<tr><td>". $row['FileName']. "</td>";
echo "<td>". $row['FileMime']. "</td>";
echo "<td>". $row['FileSize']. "</td>";
echo "<td>". $row['Created']. "</td>";
echo "<td>". $row['ToolNumber']. "</td>";
# Print download link
echo "<td><a href='get_file.php?id=". $row['FileID'] ."'>Download</a></td>";
echo "</tr>";
}
# Close table
echo "</table>";
}
# Free the result
mysqli_free_result($result);
}
else
{
echo "Error! SQL query failed:";
echo "<pre>". $dbLink->error ."</pre>";
}
# Close the mysql connection
mysqli_close($dbLink);
?>
<?php
# Connect to the database
$dbLink = mysqli_connect("71.39.54.10", "root", "trinidad", "tools");
if(mysqli_connect_errno()) {
die("MySQL connection failed: ". mysqli_connect_error());
}
# Query for a list of all existing files
// just one possibility...
$textfield = $_POST['textfield'];
$result = mysqli_query($dbLink,
"SELECT FileID, FileName, FileMime,
FileSize, ToolNumber, Created
FROM FileStorage
WHERE ToolNumber =
'" . mysqli_real_escape_string($dbLink,$textfield)
# Check if it was successfull
if($result)
{
# Make sure there are some files in there
if(mysqli_num_rows($result) == 0) {
echo "<p>There are no files in the database</p>";
}
else
{
# Print the top of a table
echo "<table width='100%'><tr>";
echo "<td><b>Name</b></td>";
echo "<td><b>Mime</b></td>";
echo "<td><b>Size (bytes)</b></td>";
echo "<td><b>Created</b></td>";
echo "<td><b>Tool Number</b></td>";
echo "<td><b> </b></td>";
echo "</tr>";
# Print each file
while($row = mysqli_fetch_assoc($result))
{
# Print file info
echo "<tr><td>". $row['FileName']. "</td>";
echo "<td>". $row['FileMime']. "</td>";
echo "<td>". $row['FileSize']. "</td>";
echo "<td>". $row['Created']. "</td>";
echo "<td>". $row['ToolNumber']. "</td>";
# Print download link
echo "<td><a href='get_file.php?id=". $row['FileID'] ."'>Download</a></td>";
echo "</tr>";
}
# Close table
echo "</table>";
}
# Free the result
mysqli_free_result($result);
}
else
{
echo "Error! SQL query failed:";
echo "<pre>". $dbLink->error ."</pre>";
}
# Close the mysql connection
mysqli_close($dbLink);
?>
$result = mysqli_query($dbLink, "SELECT FileID, FileName, FileMime, FileSize, ToolNumber, Created FROM FileStorage WHERE ToolNumber = '" . mysqli_real_escape_string($dbLink,$textfield)
$result = mysqli_query($dbLink, "SELECT FileID, FileName, FileMime, FileSize, ToolNumber, Created FROM FileStorage WHERE ToolNumber = '" . mysqli_real_escape_string($dbLink,$textfield) . "'";
$result = mysqli_query($dbLink, "SELECT FileID, FileName, FileMime, FileSize, ToolNumber, Created FROM FileStorage WHERE ToolNumber = '" . mysqli_real_escape_string($dbLink,$textfield) . "'";
Comment