0

I am a PHP beginner and I am trying to upload PDF to my MySQL database. I tried adding some code to make it pdf compatible but it didn't work so i removed it and I have the PHP script that can upload .txt, word docs, images, etc but not PDF. What do you you suggest I should add to it so it works for PDF. Here's my script.

    <html>
<head></head>
<body>
<form method="post" enctype="multipart/form-data">
<table width="350" border="0" cellpadding="1"
cellspacing="1" class="box">
<tr>
<td>Select a file to upload</td>
</tr>
<tr>
<td>
<input type="hidden" name="MAX_FILE_SIZE"
value="16000000">
<input name="userfile" type="file" id="userfile"> 
</td>
</tr>
<tr>
<td width="80"><input name="upload"
type="submit" class="box" id="upload" value=" Upload "></td>
</tr>
</table>
</form>
</body>
</html>
<?php
if(isset($_POST['upload']) && $_FILES['userfile']['size'] > 0)
{
$fileName = $_FILES['userfile']['name'];
$tmpName  = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];
$fileType=(get_magic_quotes_gpc()==0 ? mysql_real_escape_string(
$_FILES['userfile']['type']) : mysql_real_escape_string(
stripslashes ($_FILES['userfile'])));
$fp      = fopen($tmpName, 'r');
$content = fread($fp, filesize($tmpName));
$content = addslashes($content);
fclose($fp);
if(!get_magic_quotes_gpc())
{
    $fileName = addslashes($fileName);
}
$con = mysql_connect('localhost', 'root', '') or die(mysql_error());
$db = mysql_select_db('test', $con);
if($db){
$query = "INSERT INTO upload (name, size, type, content ) ".
"VALUES ('$fileName', '$fileSize', '$fileType', '$content')";
mysql_query($query) or die('Error, query failed'); 
mysql_close();
echo "<br>File $fileName uploaded<br>";
}else { echo "file upload failed"; }
} 
?>
Abhishek Mhatre
  • 535
  • 2
  • 9
  • 15
  • Where do you check for filetype? I don't see that in your code. – putvande Oct 28 '13 at 13:38
  • What field type is your 'content' column? TEXT? It's probably not enough to store the whole pdf-content in it (TEXT can only contain 65,535 bytes of data). Why don't you just upload the file to the server and save the path to it in the database? – davey Oct 28 '13 at 13:39
  • 2
    Why do you want to have the file in the database?, why not do a normal upload to a normal directory and store the path in the database, this was a mistake I also did in my early programming years – Lappies Oct 28 '13 at 13:41
  • 1
    To Save directly images/txt/pdf files in database, it makes database heavy, so upload this file on server and save path of that files in database. – Sanjay Oct 28 '13 at 13:43
  • possible duplicate of [How to store .pdf files into Mysql as Blob from PHP?](http://stackoverflow.com/questions/4813913/how-to-store-pdf-files-into-mysql-as-blob-from-php) – Andy Oct 28 '13 at 13:58

2 Answers2

0

You should store this as binary data. So a column type of BLOB (or MEDIUMBLOB etc., depending on how large the files are - and how much a user can upload). With that, it shouldn't be a problem to store virtually any type of file content.

Furthermore, I don't think you should be adding slashes to the content and directly insert the values in a query, instead consider using parameters. Read up on PHP Data Objects (PDO: http://php.net/manual/en/book.pdo.php) which is a very nice and safe (if used properly!) extension for interacting with a database.

kasimir
  • 1,506
  • 1
  • 20
  • 26
0

Magic quotes have been deprecated for a long time. You shouldn't use it anymore. Since PHP 5.4 it is removed from the language. Especially, when writing new scripts you should avoid this abandoned feature.

If your file is to big to be processed using a PHP file upload script, you might be interested in changing settings like post_max_size. See this thread for more details: Increasing the maximum post size

Instead of the general-use text manipulating function addslashes you should use the escaping function matching your database system. In this case it is mysqli_real_escape_string. As PDF files contain binary data and no text, you shouldn't add and remove slashes on saving and after reading (text processing). Just escape the binary content blob using the adequate MySQL function when inserting the data into the database. A suitable column type for entire files is MEDIUMBLOB. It allows a data length of up to ~16 MB.

After having talked about the php side, a few more hints concerning MySQL. MySQL limits the length of data packets being sent to it. If you use a shared hosting platform (and no dedicated server), chances are high of being limited to only 1 MB. The relevant configuration option is max_allowed_packet. This setting will limit the ability to store documents in the database. See this thread for ideas on how to resolve this problem.

In my opinion it's a bad idea in most cases to store entire documents into a relational database. I usually put the file meta data (size, filename, MIME type, ...) into a database table and store the uploaded binary data in a normal file system directory that isn't readable to the public (e.g. /srv/uploads). Then your files can become as big as you want without sacrificing your database's performance.

Community
  • 1
  • 1
MrSnrub
  • 1,123
  • 1
  • 11
  • 19