-4

I have inserted a file with an UPDATE command because I want my files (pdf, jpg) to be in one table together with name, course, etc. and and I just want to know if it it is possible that instead of showing the name of the filename in the table, its filename would be an href on when the person have click it, it would go in the another tab to show is content (pdf, or jpeg).

Here is my code of my addrequirements.php

<?php
include_once 'connection.php';
$result = mysqli_query($conn,"SELECT * FROM collegestud");
$result1 = mysqli_query($conn,"SELECT * FROM shsstud");
session_start();
if(!$_SESSION['login']){
    header("location:index.php");
    die;
}
?>
<div id="ccc">
<?php
if (mysqli_num_rows($result) > 0) {
?>
<table id="example" class="display" style="width:100%;">
<thead>
      <tr>
        <th>Student Id</th>
        <th>Course</th>
        <th>Last Name</th>
        <th>First Name</th>
    <th>Psa</th>
    <th>Form137</th>
    <th>2x2 Picture</th>
        <th>Actions</th>
      </tr>
</thead>
    <tbody id='cccc'>
<?php
    $i=0;
    while($row = mysqli_fetch_array($result)) {
?>
      <tr>
        <td><?php echo $row["Stud_ID"]; ?></td>
        <td><?php echo $row["Course"]; ?></td>
        <td><?php echo $row["Lastname"]; ?></td>
        <td><?php echo $row["Firstname"]; ?></td>
    <td><?php echo $row["PSA"]; ?></td>
    <td><?php echo $row["Form137"]; ?></td>
    <td><?php echo $row["Picture"]; ?></td>
        <td><a style="color:green;"  href="updatecollege1.php?id=<?php echo $row["ID"]; ?>"><i class="fas fa-folder-plus fa-2x "></i></a>&emsp;
    <span><a style="color:red"  href="deletecollege.php?ID=<?php echo $row["ID"]; ?>"onclick="return confirm('Do you really want to delete this student?')"><i class="fas fa-user-minus fa-2x"></i></a></span>
      </td>
      </tr>
<?php
        $i++;
    }
?>
      </tbody>
</table>
<?php
}
else
{
    echo "<p><center><strong>0 RESULTS IN THE TABLE</center></p></strong>";
}
?>

Code of my updatecollege1.php

<?php
include_once 'connection.php';
session_start();
if(!$_SESSION['login']){
   header("location:index.php");
   die;
}

$result = mysqli_query($conn,"SELECT * FROM collegestud WHERE id='" . $_GET['id'] . "'");
$row= mysqli_fetch_array($result);
?>

<div class = "container3">    
    <strong><left>PSA&emsp;&emsp;&emsp;</left></strong>

    <span>&emsp;&emsp;&emsp;<input id="ra" type="text" value="" readonly><a href="psaadd.php?id=<?php echo $row["ID"]; ?>">ADD or UPDATE</a></span><br>

Code of my psaadd.php

<?php
include_once 'connection.php';
session_start();
if(!$_SESSION['login']){
   header("location:index.php");
   die;
}
if(count($_POST)>0) {
    mysqli_query($conn,"UPDATE collegestud 
                            set PSA = '" . $_POST['PSA'] .  "'  
                        WHERE ID='" . $_POST['ID'] . "'");
    $id = $_POST['ID'];
    header('Location: updatecollege1.php?id='.$id);
}
$result = mysqli_query($conn,"SELECT * FROM collegestud WHERE id='" . $_GET['id'] . "'");
$row= mysqli_fetch_array($result);
?>

<form action="" method="POST" onsubmit="return confirm('Are you sure you want to save changes?');">
    <div class= "container2">
        <p style="font-weight: bold; font-size: 35px; text-align: center;">PSA</p>
            <input type="hidden" name="ID" class="txtField" value="<?php echo $row['ID']; ?>">
            <div class = "container3">
                <center>
                    <input name="PSA" type = "file" accept = '.pdf'>
                </center>

PROBLEM:

I just want to have a solution that instead it displays the filename of that file (text), it will show its filename in the table that is clickable to open its file in the another tab.

RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
AlksAndTrsh
  • 35
  • 7
  • 4
    **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Sep 08 '21 at 11:23

1 Answers1

1

Yes, of course it possible. You should save also relative path to that PDF in database and then show link in UI part:

<!-- Start of table -->
    <td>
        <a href="static_files_location/<?= $row['path']; ?>">Click to view</a>
    </td>

And your database table will have 1 additional field named path VARCHAR(256) NOT NULL with value e.g. students/some_name_of_file.pdf

Never store file content to database, it's not build to hold file contents

Justinas
  • 41,402
  • 5
  • 66
  • 96
  • it worked thank you so much, but how can I moved a certain file if i add one? (using mysqli_query($conn,"UPDATE collegestud set PSA = '" . $_POST['PSA'] . "' WHERE ID='" . $_POST['ID'] . "'"); – AlksAndTrsh Sep 08 '21 at 12:51
  • I have tried to put a pdf file first in the upload folder before adding it actually in the system and now it worked i can open that pdf in a new browser (which means its linked) but how can i add automatically the file in the upload folder if i add it in the system – AlksAndTrsh Sep 08 '21 at 12:53