Thank you for pointing out the security issue, I am aware of that. Was
sloppy not to use %d instead of %s as I did.

The database is exactly the same, and the data is correct in
$Row['filename']. I did create a copy and put it onto another server, and
there it worked "ok". Some files did work well, while others did not work at
all.

Does anyone have a reference to a small example of binary storage and
retrieval from a database? I have built working solutions for images
before, but this should support any file extension (with exceptions, of
course).

Best regards,
Peter Lauri



-----Original Message-----
From: Chris [mailto:[EMAIL PROTECTED] 
Sent: Thursday, June 08, 2006 8:00 AM
To: Peter Lauri
Cc: php-general@lists.php.net
Subject: Re: [PHP] file from database work local, but not on server

Peter Lauri wrote:
> Best group member,
> 
> This code works fine on my local machine:
> 
> $Query = sprintf("SELECT * FROM filestorage WHERE id=%s LIMIT 1",
> $_GET['fileid']);
> $Result = mysql_query($Query);
> if (mysql_num_rows ($Result)>0) {
>   $Row = @mysql_fetch_array ($Result);
>   $file_type = $Row["filetype"];
>   $file = $Row["filedata"];
>   header ("Content-type: $file_type");
>   header("Content-Disposition: attachment; filename=fil".substr($Row['filename'], strrpos($Row['filename'], '.')));
>   print $file;
> }
> 
> But when I run it on my server it does not start the download, and the file
> name is the location of the script instead of what I state as file name.


The first thing you should do is read this site:

http://www.phpsec.org

I could pass all sorts of bad things to $_GET['fileid'] and it will ruin 
your database.

At least make it:

(int)$_GET['fileid'];

so if it's non-numeric, it will get converted to 0.

Can we assume the database is exactly the same and it's not that 
$row['filename'] has the wrong data in it?

-- 
Postgresql & php tutorials
http://www.designmagick.com/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
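
A small binary storage-and-retrieval example of the kind asked for in this thread, with the id handling discussed above. This is an added example, not code from either poster: it swaps the thread's mysql_* calls for PDO prepared statements, and it assumes PHP 7.1+ with pdo_sqlite; the function names fetch_file and download_headers and the sample row are made up for illustration.

```php
<?php
// Added example, not the poster's code. Assumes PHP 7.1+ with pdo_sqlite;
// the table mirrors the thread's `filestorage`, the row is constructed.

function fetch_file(PDO $db, $rawId): ?array {
    // Reject rather than coerce: (int)"1 OR 1=1" is 1, FILTER_VALIDATE_INT gives false.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $db->prepare('SELECT filename, filetype, filedata FROM filestorage WHERE id = ? LIMIT 1');
    $stmt->bindValue(1, $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    if (is_resource($row['filedata'])) {   // some drivers hand BLOBs back as streams
        $row['filedata'] = stream_get_contents($row['filedata']);
    }
    return $row;
}

function download_headers(array $row): array {
    // Stored metadata is untrusted too: plain type/subtype, alphanumeric extension only.
    $type = preg_match('~^[a-z0-9.+-]+/[a-z0-9.+-]+$~i', $row['filetype'])
        ? $row['filetype'] : 'application/octet-stream';
    $ext  = preg_replace('/[^A-Za-z0-9]/', '', pathinfo($row['filename'], PATHINFO_EXTENSION));
    $name = 'fil' . ($ext !== '' ? '.' . $ext : '');
    return [
        "Content-Type: $type",
        "Content-Disposition: attachment; filename=\"$name\"",
        'Content-Length: ' . strlen($row['filedata']),
    ];
}

// Constructed demo data: an in-memory table holding one binary row.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE filestorage (id INTEGER PRIMARY KEY, filename TEXT, filetype TEXT, filedata BLOB)');
$ins = $db->prepare('INSERT INTO filestorage (filename, filetype, filedata) VALUES (?, ?, ?)');
$ins->bindValue(1, 'report.pdf');
$ins->bindValue(2, 'application/pdf');
$ins->bindValue(3, "%PDF-1.4\x00\xff\x01", PDO::PARAM_LOB);   // bound as a BLOB, NUL bytes intact
$ins->execute();

var_dump(fetch_file($db, '1 OR 1=1'));             // malformed id: refused before any SQL runs
print_r(download_headers(fetch_file($db, '1')));   // headers a download script would send
```

In a real download script, pass each returned string to header() before any other output, then echo $row['filedata'] and exit.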
