Results 1 to 2 of 2

Thread: PHP/MySQL - Link to word doc/pdf in database

  1. #1
    Join Date
    May 2011

    PHP/MySQL - Link to word doc/pdf in database

    Hi guys,

    Wondering if anyone can help me please, I'm fairly new to php, but do understand it all.

    On my webpage, I have a login area, and on one of the sub pages, I'd like to display a list of word/pdf documents for that username.

    This is all ok, but I'm not sure how to achieve the later, I have created a MySQL table with a column being a medium blob, have (I think) successfully uploaded a simple word document into the table for a test user, so when I am on my php page, I am struggling to display this file as a char string. e.g. download, then when you click on this word, the pdf/word doc opens up.

    Here is my code that I'm trying.

    // Get clients graphics history information

    $graphhist_sql = "SELECT history_number as hist_num, init_moodboard as init_moodboard,
    final_moodboard as final_moodboard FROM *****
    WHERE username = '$user'";

    // Execute SQL
    $graphhist_query = mysql_query($graphhist_sql, $connect) or die(mysql_error() . 'Error - Could not run SQL command');

    while ($graphhist_results = mysql_fetch_array($graphhist_query))
    { ?>

    <div id="CLGraphicsDownloadFiles">

    <table width="200" border="0" cellspacing="1" cellpadding="1">
    <th scope="col"><h3>Initial Moodboard</h3></th>
    -- line in question <td><i><a href="<?php $graphhist_results['init_moodboard'] ?>" target="_blank">download</a><?php }?></i></td>

  2. #2
    Join Date
    Dec 2011
    First I would either use mysqli_query or PDO for it is more secure, Second don't inject the variable ($user) directly into the query

    Do something like the following
    PHP Code:
    function html_escape($raw_input) {
    htmlspecialchars($raw_inputENT_QUOTES ENT_HTML401'UTF-8');     // important! don't forget to specify ENT_QUOTES and the correct encoding

    PHP Code:
    function update_content($edited_content) {
    $edited_content html_escape($edited_content['content']); // Making sure no nasty injections happen.
    $query "UPDATE pages SET content='$edited_content' WHERE id LIMIT 1";
    // Execute the query here now
    $query mysqli_query($db$query) or die (mysqli_error($db)); 

    While nothing is 100 percent secure, it's best to have as tight as security as possible. One last thing I think you are making it your problem more trouble than it should be. maybe do something like the following?

    PHP Code:
    function display_content() {

    $db// Database Variable
    $user_id html_escape($_GET['id']);
    $query "SELECT id, content FROM pages WHERE id=$user_id LIMIT 1";
    // Get result from database or display error to user
    $result mysqli_query($db,$query) or die(mysqli_error($db));
    // Fetches the array .... MYSQLI_BOTH is Integer and String
    $result mysqli_fetch_array($resultMYSQLI_BOTH);               

    then all you have to do is some like this

    PHP Code:
    "<p>" $result['content'] . "</p>";
    Obviously the code above will not work, but I hope this gives you a better start to your problem.

Similar Threads

  1. Change database from mysql 4 to mysql 5 affects my calendar event page
    By newphpbees in forum Client & Server Side Scripting (PHP, ASP, JavaScript)
    Replies: 1
    Last Post: 20 Oct 2010, 03:19 AM
  2. Php and doc types?
    By benjaminj88 in forum Client & Server Side Scripting (PHP, ASP, JavaScript)
    Replies: 0
    Last Post: 13 Oct 2010, 01:13 PM
  3. Replies: 0
    Last Post: 06 May 2009, 09:28 PM
  4. RTF / DOC to PDF using PHP
    By subzerostudio in forum Client & Server Side Scripting (PHP, ASP, JavaScript)
    Replies: 1
    Last Post: 05 Feb 2009, 08:04 AM
  5. Replies: 0
    Last Post: 15 Apr 2008, 01:34 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts