0

Possible Duplicate:
Forcing to download a file using PHP

I am currently building a site where it lets users upload and download files, I am following a tutorial, but am changing it, I want this page to show a download link so that the user can download the file. The files are stored in a MYSQL database.

Here is the code,

<?php

include ("Design/header.php"); 
require ("connect.php");

$itemid = $_GET['album'];

$file = mysql_query ("SELECT * FROM albums WHERE fileid=''");

include ("Design/footer.php");  

?>

I just can't think of how to make a download link just for this file and for it to change for each other file on the site.

I will give more detail,

I have it setup so that when the file is uploaded it is given a unique id, and when the file is click on the site it brings the user to "viewfile.php?file=".$row['fileid']."'>" but on the viewfile.php page I want it so that when "Download File" is click that it downloads the correct file.

Also the code is not finished.

Community
  • 1
  • 1
hammy78
  • 1
  • 1

1 Answers1

0

The code below is an example of the general workflow for retrieving data from a DB and returning it to a web page.

  <?php
    include ("Design/header.php"); 
    $db = new PDO('dblib:host=your_hostname;dbname=your_db;charset=UTF-8', $user, $pass);

    $itemid = $_GET['album'];

    $preparedStatement = $db->prepare('SELECT * FROM contact WHERE fieldid :album');
    $preparedStatement ->bindValue(':album', $itemid);
    $preparedStatement->execute();



    while($row = $preparedStatement->fetchAll())
    {
        echo  "<a href='".$row['fileurl']."'>File Link</a> <br>"
    }

    include 'closedb.php';
    ?>

Your general workflow is:

  1. Get data from user.
  2. Ensure data is sanitized.
  3. Run query with data on your DB.
  4. Return data to the user using HTML.

Some good references for you:

  1. PDO Class
  2. Parametrized Queries
  3. Retrieve Data from MySQL DB
Community
  • 1
  • 1
garnertb
  • 9,454
  • 36
  • 38
  • How would I go implementing this into my site? – hammy78 May 21 '11 at 13:15
  • Don't forget to escape/encode URLs! If `fileurl` can contain something like `' onclick="return maliciousFunction()" '`, a user may be vulnerable to [XSS](http://en.wikipedia.org/wiki/XSS). – Marcel Korpel May 21 '11 at 13:26
  • I put it into the site and get this error, Fatal error: Class 'PDO' not found in /home/a8490126/public_html/viewfile.php on line 3 – hammy78 May 21 '11 at 13:41
  • Run phpinfo on your server to see if you have PDO enabled, if so you may need to add the following to your php.ini file: extension="pdo.so" extension="pdo_mysql.so" – garnertb May 21 '11 at 13:44
  • I changed webhost and get this error now, Fatal error: Uncaught exception 'PDOException' with message 'could not find driver' in /home/u559071669/public_html/viewfile.php:3 Stack trace: #0 /home/u559071669/public_html/viewfile.php(3): PDO->__construct('dblib:mysql.fre...', NULL, NULL) #1 {main} thrown in /home/u559071669/public_html/viewfile.php on line 3 – hammy78 May 21 '11 at 14:23