Re: Putting/retrieving files into a database

From: Michael Fuhr (mfuhr_at_fuhr.org)
Date: 11/10/03

    Date: 10 Nov 2003 00:04:08 -0700
    
    

    Eric Kincl <Eric@Kincl.net_NO_SPAM_> writes:

    > I was wondering how you stick a file into a database, and then retrieve it
    > again for the user with PHP/MySQL. I tried the following which apparently
    > didn't work...

    Have you looked at the chapter in the PHP manual entitled "Handling
    File Uploads"?

    http://www.php.net/manual/en/features.file-upload.php

    > Very quick overview of what I did...
    >
    > html
    > ------
    > <input type="file" name="file"><input type="submit">

    What does your <FORM> tag look like? Does it have
    ENCTYPE="multipart/form-data"?

    > PHP
    > ------
    > $SQL = "INSERT INTO table (file) VALUES (" + $_REQUEST['file'] + ");";
    >
    > I didn't even bother running the SQL query, I just echoed it and I got the
    > location of the file (ie: /home/eric/blah...)

    I suspect that you didn't specify ENCTYPE correctly or at all in
    your <FORM> tag. If you had, then $_REQUEST['file'] shouldn't be
    set at all; instead, $_FILES['file'] should have the info you're looking
    for. See the aforementioned chapter on handling file uploads for
    details.

    Also, *never* put user-supplied input (e.g., form data) in an SQL
    statement without first making sure it's sanitized. See the Security
    chapter in the PHP manual for more information, and pay particular
    attention to what it says about SQL Injection in the "Database
    Security" section. Even on a private server that the Bad Guys can't
    get to, it's a good idea to use good programming habits so they'll
    be familiar if you ever have to work on a public-facing application.

    http://www.php.net/manual/en/security.index.php

    > How do I get the file into the database, and once it's there, how do I get it
    > back out?

    You have to get the file's contents before you can insert them into
    the database. Study the "Handling File Uploads" chapter in the PHP
    manual and post a follow up if it doesn't answer your questions.

    Once you learn how to get the file's contents, you can store them
    in a database with an INSERT statement (making sure to sanitize the
    data) and retrieve them with a SELECT query. If you continue to
    have problems, then please post a small but complete sample of your
    code so we can see what you're doing.

    -- 
    Michael Fuhr
    http://www.fuhr.org/~mfuhr/
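
Added example, not part of the original message or thread: one way to do what the reply describes, reading the upload from $_FILES, storing it with an INSERT and returning it with a SELECT. It uses PDO bound parameters in place of hand-sanitizing the data; the table and column names, the SQLite path and the 1 MiB cap are assumptions, and the form is assumed to use method="post" with enctype="multipart/form-data".

```php
<?php
// Added example. Table/column names, the SQLite path and the 1 MiB cap are assumptions.
const MAX_BYTES = 1048576;
function open_db(): PDO
{
    $db = new PDO('sqlite:/var/lib/example-app/uploads.db');   // assumed path outside the web root
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE IF NOT EXISTS files (id INTEGER PRIMARY KEY, name TEXT NOT NULL, data BLOB NOT NULL)');
    return $db;
}

// $upload is one $_FILES entry, e.g. $_FILES['file'] for <input type="file" name="file">.
function store_upload(PDO $db, array $upload): int
{
    // Accept only a completed upload whose temp file PHP itself created for this request.
    if (($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($upload['tmp_name'])) {
        throw new RuntimeException('upload did not complete');
    }
    if (filesize($upload['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // The client-supplied name is untrusted: keep the last path component, safe characters only.
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($upload['name']));
    $stmt = $db->prepare('INSERT INTO files (name, data) VALUES (:name, :data)');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':data', file_get_contents($upload['tmp_name']), PDO::PARAM_LOB);
    $stmt->execute();            // values travel as parameters, never as SQL text
    return (int) $db->lastInsertId();
}

function send_file(PDO $db, int $id): void
{
    $stmt = $db->prepare('SELECT name, data FROM files WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) { http_response_code(404); return; }
    header('Content-Type: application/octet-stream');   // do not echo a client-claimed type
    header('Content-Disposition: attachment; filename="' . $row['name'] . '"');
    echo $row['data'];
}

$db = open_db();
if (isset($_FILES['file'])) {
    echo 'stored as id ', store_upload($db, $_FILES['file']);
} elseif (is_string($_GET['id'] ?? null) && ctype_digit($_GET['id'])) {
    send_file($db, (int) $_GET['id']);
}
```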
    
