Posted by rafi on 09/11/07 13:36
Here it is:
// file download.php
<?php
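session_start();
require_once('db_login.php');
require_once('MDB2.php');

// Download branch: when an attachment id is present in the query string,
// stream that attachment from the database and stop before any page HTML
// is produced.
// NOTE(review): session_start() is called, but nothing visible in this branch
// checks that the requester is logged in or entitled to this attachment --
// confirm whether an access check belongs here.
if (isset($_GET['id'])) {
    // The id comes from the request and must not reach SQL unchecked.
    // Only a plain run of decimal digits is accepted.
    $id = $_GET['id'];
    if (!is_string($id) || !preg_match('/\A[0-9]+\z/', $id)) {
        header('HTTP/1.1 400 Bad Request');
        exit;
    }

    include 'db_open.php'; // opens db conn and does SET NAMES utf8

    // quote() with an explicit type lets MDB2 render the value as an integer
    // literal instead of splicing request text into the statement.
    $query = 'SELECT * FROM attachments WHERE attachment_id = '
        . $connection->quote($id, 'integer');
    $result = $connection->query($query);
    if (PEAR::isError($result)) {
        // NOTE(review): the driver's error text is shown to the visitor;
        // consider logging it server-side and returning a generic message.
        die("Could not query the database: <br />" .
            PEAR::errorMessage($result));
    }

    $result_row = $result->fetchRow(MDB2_FETCHMODE_ASSOC);
    include 'db_close.php'; // closes db conn

    // No matching row (or a fetch error): send nothing rather than a
    // download built from empty values.
    if (!is_array($result_row)) {
        header('HTTP/1.1 404 Not Found');
        exit;
    }

    // name and type were stored from the uploader's request, so they are
    // cleaned before being placed into response headers.
    $name = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', $result_row['name']);
    $type = $result_row['type'];
    if (!preg_match('#\A[A-Za-z0-9.+-]+/[A-Za-z0-9.+-]+\z#', $type)) {
        $type = 'application/octet-stream';
    }
    $size = (int) $result_row['size'];
    $content = $result_row['content'];

    header("Content-type: $type" . "; charset=utf-8");
    header("Content-disposition: attachment; filename=\"" . $name . "\"");
    header("Content-length: $size");
    // Ask the browser to honour the declared type rather than sniffing
    // the stored bytes.
    header('X-Content-Type-Options: nosniff');
    echo $content;
    exit;
}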
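// Listing branch: render the page frame and one download link per stored
// attachment.
require_once('db_login.php');
require_once('header_footer.php');
require_once('dsp_links.php');
require_once('/home/israelf1/php/MDB2.php');
display_page_header();
display_links();
require('dsp_sidebar.php');
include 'db_open.php';
$query = "SELECT attachment_id, name FROM attachments";
$result = $connection->query($query);
if (PEAR::isError($result)) {
    // NOTE(review): the driver's error text is shown to the visitor;
    // consider logging it server-side and returning a generic message.
    die("Could not query the database: <br />" .
        PEAR::errorMessage($result));
}
while ($result_row = $result->fetchRow(MDB2_FETCHMODE_ASSOC)) {
    // The stored name is the uploader's original file name, so it is
    // HTML-escaped before being written into the page; the id is
    // URL-encoded for the query string.
    $link_id = urlencode($result_row['attachment_id']);
    $link_text = htmlspecialchars($result_row['name'], ENT_QUOTES, 'UTF-8');
    echo '<a href="download.php?id=' . $link_id .
        '">' . $link_text . '</a> <br>';
}
include 'db_close.php';
display_page_footer();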
?>
// ----------------------------------------------
// file msg_add.php
....
// get 1st attachment
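// Read the first uploaded attachment into memory for the later INSERT.
// On any problem $err_msg is set and $stop is raised.
if (!$stop && isset($_FILES['attachment1']['size']) &&
    ($_FILES['attachment1']['size'] > 0))
{
    $attch1 = true;
    $fileName1 = $_FILES['attachment1']['name'];
    $tmpName1 = $_FILES['attachment1']['tmp_name'];
    $fileSize1 = $_FILES['attachment1']['size'];
    // NOTE(review): 'type' is whatever the browser declared and is not
    // escaped or checked in this block -- it must be escaped before it is
    // used in SQL and should not be trusted as the real content type.
    $fileType1 = $_FILES['attachment1']['type'];
    if (!is_uploaded_file($tmpName1)) {
        // Only read files that PHP itself received through this request.
        $err_msg = "document upload failed.";
        $stop = true;
    }
    elseif (!is_valid_file($fileName1, 1)) {
        // NOTE(review): is_valid_file() is given only the file name here, so
        // presumably it checks the extension and not the bytes -- confirm.
        $err_msg = "document must be doc or txt or pdf.";
        $stop = true;
    }
    else {
        // 'rb' keeps the read byte-exact for binary documents.
        $fp1 = fopen($tmpName1, 'rb');
        if ($fp1 === false) {
            $err_msg = "document upload failed.";
            $stop = true;
        }
        else {
            $content1 = fread($fp1, $fileSize1);
            // The later INSERT interpolates $content1 as-is, so it is escaped
            // here. NOTE(review): addslashes() is not aware of the connection
            // character set; the database driver's own escaping or a
            // prepared statement is the safer choice.
            $content1 = addslashes($content1);
            fclose($fp1);
            if(!get_magic_quotes_gpc())
            {
                $fileName1 = addslashes($fileName1);
            }
        }
    }
}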
....
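// Store the first attachment, rolling back and aborting if the INSERT fails.
if ($attch1) {
    // NOTE(review): the id is derived by incrementing $max_aid; where that
    // value comes from is not visible here -- confirm it cannot collide
    // under concurrent requests.
    $max_aid++;
    $attch_id1 = (int) $max_aid; // attachment id
    // $fileType1 is the browser-declared MIME type and is not escaped
    // anywhere in the visible upload code, so it is escaped here. The size
    // is forced to an integer for the same reason.
    $safe_type1 = $connection->escape($fileType1);
    $safe_size1 = (int) $fileSize1;
    // $fileName1 and $content1 are expected to arrive already escaped by the
    // upload-handling code. NOTE(review): a prepared statement with bound
    // values for every column would remove that dependency.
    $query = "INSERT INTO attachments VALUES ($attch_id1, '$fileName1',
'$safe_type1', '$safe_size1', '$content1')";
    $result = $connection->query($query);
    if (PEAR::isError($result)) {
        $query = "ROLLBACK";
        $result1 = $connection->query($query);
        // NOTE(review): the driver's error text is shown to the visitor;
        // consider logging it server-side and returning a generic message.
        die("Database query (ins attachment1) failed: <br />" .
            PEAR::errorMessage($result));
    }
}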
....