Uploading files into a my sql database using php


Published on

Published in: Technology
  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Uploading files into a my sql database using php

  1. 1. Uploading files into a MySQL database using PHPAtliYou may be wondering why you would want to put your files “into” the database, rather thanjust onto the file-system. Well, most of the time, you wouldn’t.In situations where your PHP application needs to store entire files, the preferred method isto save the file onto the server’s file-system, and store the physical location of the file in yourdatabase. This is generally considered to be the easiest and fastest way to store files.However, you may find yourself in situations where you would want to keep the file itself withthe other data in your database. This gives you - or rather: MySQL - complete control overthe file data, rather than just the location of the file on the server.There are some downsides to this method though, such as; decreased performance andadded complexity to both your PHP code and your database structure. This is something youshould carefully consider before using this in a real-life application.Having said that, this article demonstrates how you can upload a file from a browser intoMySQL, and how to send the files back to the browser.Before you startTo get through this smoothly, you should be familiar with the following: • PHP Basics • MySQL Basics • Using MySQL in PHP (mysqli) • HTML Forms and how to handle POST data in PHP.The battle planAs with all programs, before we start writing we need to plan a little ahead. Just so we knowwhat we are going to write before we write it.Before we start on the program, we need to design the database. This is not a complexdesign, as we are not talking about creating some complex filing system. We only need asingle table, containing a BLOB field for our file and various other fields to store informationon our file, such as name, size, type.Now then. The first phase of the program is getting the file from our users onto the serverwhere our PHP can interact with it. This is the simplest part of the process, requiring only abasic HTML form.
  2. 2. The second phase involves reading the uploaded file, making sure it was uploadedsuccessfully and adding it to the database. This is a similar process as the one used whenuploading a file to the file-system, but using the MySQL functions rather than the file-systemfunctions.The third phase is to list all files that have been uploaded and saved on the database, with alink so it can be downloaded. The only problem here would be the fact that the file does notexists on the server, so how do we create a link to it? That is a problem handled by phase 4,all we need to do in phase 3 is create a link with the ID of the file to be downloadedembedded in the URL.The fourth, and final, part is the one that is most confusing about this process. The partwhere we fetch the file and send it to the clients browser.We start by using the MySQL functions, and the ID sent by phase 3, to fetch the file datafrom the database. Then we set a few headers, letting the browser know what to expect,before finally sending the contents of the file.Now, using this summary as a guide, lets start writing our program.Phase 0: Building a databaseThe database is simple. One table with a BLOB field for the file data and a few fields forvarious pieces of information relating to the file:Expand|Select|Wrap|Line Numbers 1. CREATE TABLE `file` ( 2. `id` Int Unsigned Not Null Auto_Increment, 3. `name` VarChar(255) Not Null Default Untitled.txt, 4. `mime` VarChar(50) Not Null Default text/plain, 5. `size` BigInt Unsigned Not Null Default 0, 6. `data` MediumBlob Not Null, 7. `created` DateTime Not Null, 8. PRIMARY KEY (`id`) 9. ) 10.As you see, we store the file name, including the extension.We have the mime type, which we use to let the browser know what kind of file we aredealing with.The size of the file in bytes.And finally the data itself, in a MediumBlob field.Phase 1: Uploading the fileNow, we need to get the file from the user. The table we designed does not require any
  3. 3. additional information from the user, so we will make this simple and create a HTML formwith only a single "file" input field and a submit button:Expand|Select|Wrap|Line Numbers 1. <!DOCTYPE html> 2. <head> 3. <title>MySQL file upload example</title> 4. <meta http-equiv="content-type" content="text/html; charset=U TF-8"> 5. </head> 6. <body> 7. <form action="add_file.php" method="post" enctype="multipart/ form-data"> 8. <input type="file" name="uploaded_file"><br> 9. <input type="submit" value="Upload file"> 10. </form> 11. <p> 12. <a href="list_files.php">See all files</a> 13. </p> 14.</body> 15.</html>Note the third attribute of the <form> element, "enctype". This tells the browser how to sendthe form data to the server. As it is, when sending files, this must be set to "multipart/form-data".If it is set any other way, or not set at all, your file is probably not going to be transmittedcorrectly.At the bottom, we have a link to the list we will create in phase 3.Phase 2: Add the file to the databaseIn the form we built in phase 1, we set the action property to "add_file.php". This is the file weare going to build it this phase of the process.This file needs to check if a file has been uploaded, make sure it was uploaded withouterrors, and add it to the database:Expand|Select|Wrap|Line Numbers 1. <?php 2. // Check if a file has been uploaded 3. if(isset($_FILES[uploaded_file])) { 4. // Make sure the file was sent without errors 5. if($_FILES[uploaded_file][error] == 0) { 6. // Connect to the database 7. $dbLink = new mysqli(, user, pwd, myTable);
  4. 4. 8. if(mysqli_connect_errno()) {9. die("MySQL connection failed: ". mysqli_connect_error());10. }11.12. // Gather all required data13. $name = $dbLink->real_escape_string($_FILES[uploaded_file] [name]);14. $mime = $dbLink->real_escape_string($_FILES[uploaded_file] [type]);15. $data = $dbLink->real_escape_string(file_get_contents($_FILES [uploaded_file][tmp_name]));16. $size = intval($_FILES[uploaded_file][size]);17.18. // Create the SQL query19. $query = "20. INSERT INTO `file` (21. `name`, `mime`, `size`, `data`, `created`22. )23. VALUES (24. {$name}, {$mime}, {$size}, {$data}, NOW()25. )";26.27. // Execute the query28. $result = $dbLink->query($query);29.30. // Check if it was successfull31. if($result) {32. echo Success! Your file was successfully added!;33. }34. else {35. echo Error! Failed to insert the file36. . "<pre>{$dbLink->error}</pre>";37. }38. }39. else {40. echo An error accured while the file was being uploaded. 41. . Error code: . intval($_FILES[uploaded_file] [error]);42. }43.44. // Close the mysql connection45. $dbLink->close();46. }47. else {48. echo Error! A file was not sent!;49. }50.
  5. 5. 51. // Echo a link back to the main page 52. echo <p>Click <a href="index.html">here</a> to go back</p>; 53. ?> 54.Phase 3: Listing all existing filesSo, now that we have a couple of files in our database, we need to create a list of files andlink them so they can be downloaded:Expand|Select|Wrap|Line Numbers 1. <?php 2. // Connect to the database 3. $dbLink = new mysqli(, user, pwd, myTable); 4. if(mysqli_connect_errno()) { 5. die("MySQL connection failed: ". mysqli_connect_error()); 6. } 7. 8. // Query for a list of all existing files 9. $sql = SELECT `id`, `name`, `mime`, `size`, `created` FROM `file `; 10.$result = $dbLink->query($sql); 11. 12.// Check if it was successfull 13.if($result) { 14. // Make sure there are some files in there 15. if($result->num_rows == 0) { 16. echo <p>There are no files in the database</p>; 17. } 18. else { 19. // Print the top of a table 20. echo <table width="100%"> 21. <tr> 22. <td><b>Name</b></td> 23. <td><b>Mime</b></td> 24. <td><b>Size (bytes)</b></td> 25. <td><b>Created</b></td> 26. <td><b>&nbsp;</b></td> 27. </tr>; 28. 29. // Print each file 30. while($row = $result->fetch_assoc()) { 31. echo " 32. <tr> 33. <td>{$row[name]}</td> 34. <td>{$row[mime]}</td> 35. <td>{$row[size]}</td> 36. <td>{$row[created]}</td>
  6. 6. 37. <td><a href=get_file.php? id={$row[id]}>Download</a></td> 38. </tr>"; 39. } 40. 41. // Close table 42. echo </table>; 43. } 44. 45. // Free the result 46. $result->free(); 47.} 48.else 49.{ 50. echo Error! SQL query failed:; 51. echo "<pre>{$dbLink->error}</pre>"; 52.} 53. 54.// Close the mysql connection 55.$dbLink->close(); 56.?>Phase 4: Downloading a fileThis part is the one that usually causes the most confusion.To really understand how this works, you must understand how your browser downloadsfiles. When a browser requests a file from a HTTP server, the server response will includeinformation on what exactly it contains. These bits of information are called headers. Theheaders usually include information on the type of data being sent, the size of the response,and in the case of files, the name of the file.There are of course a lot of other headers, which I will not cover here, but it is worth lookinginto!Now, this code. We start simply by reading the ID sent by the link in phase 3. If the ID isvalid, we fetch the information on the file whos ID we received, send the headers, and finallysend the file data:Expand|Select|Wrap|Line Numbers 1. <?php 2. // Make sure an ID was passed 3. if(isset($_GET[id])) { 4. // Get the ID 5. $id = intval($_GET[id]); 6.
  7. 7. 7. // Make sure the ID is in fact a valid ID8. if($id <= 0) {9. die(The ID is invalid!);10. }11. else {12. // Connect to the database13. $dbLink = new mysqli(, user, pwd, myTable );14. if(mysqli_connect_errno()) {15. die("MySQL connection failed: ". mysqli_connect_error ());16. }17.18. // Fetch the file information19. $query = "20. SELECT `mime`, `name`, `size`, `data`21. FROM `file`22. WHERE `id` = {$id}";23. $result = $dbLink->query($query);24.25. if($result) {26. // Make sure the result is valid27. if($result->num_rows == 1) {28. // Get the row29. $row = mysqli_fetch_assoc($result);30.31. // Print headers32. header("Content-Type: ". $row[mime]);33. header("Content-Length: ". $row[size]);34. header("Content-Disposition: attachment; filename =". $row[name]);35.36. // Print data37. echo $row[data];38. }39. else {40. echo Error! No image exists with that ID.;41. }42.43. // Free the mysqli resources44. @mysqli_free_result($result);45. }46. else {47. echo "Error! Query failed: <pre>{$dbLink- >error}</pre>";48. }49. @mysqli_close($dbLink);
  8. 8. 50. } 51.} 52.else { 53. echo Error! No ID was passed.; 54.} 55.?>Any decent browser should be able to read the headers and understand what type of file thisis, and that it is to be downloaded, not opened.The finish lineSo, as you see, this is not as complex as one might think.This code is of course only written for demonstration purposes and I would not recommendusing it without adding a little extra security. Un-edited, this code would basically allowanybody to upload anything to your server, which is not a good idea!I hope this has been helpful, and I wish you all the best.See you around,- Atli ÞórRevisions • August 20th, 2008 - Replaced the old mysql functions with the improved mysqli functions. • December 12th, 2009 - Updated the introduction to include a bit more detail on the pros and cons of this method. Also improved the code structure a bit. Replaced the mysqli procedural functions with their OOP counterparts. (Thanks to kovik for pointing out the need for these changes!)Nov 23 07 #1