Hiya guys
I have a upload and down script, the upload works perfectly but the download displays a blank page with no files or errors
Upload.php
<html>
<head></head>
<body>
<form method="post" enctype="multipart/form-data">
<table width="350" border="0" cellpadding="1"
cellspacing="1" class="box">
<tr>
<td>please select a file</td></tr>
<tr>
<td>
<input type="hidden" name="MAX_FILE_SIZE"
value="99000000">
<input name="userfile" type="file" id="userfile">
</td>
<td width="80"><input name="upload"
type="submit" class="box" id="upload" value=" Upload "></td>
</tr>
</table>
</form>
</body>
</html>
<?php
if (isset($_POST['upload']) && $_FILES['userfile']['size'] > 0) {
$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];
$fileType = (get_magic_quotes_gpc() == 0 ? mysql_real_escape_string(
$_FILES['userfile']['type']) : mysql_real_escape_string(
stripslashes($_FILES['userfile'])));
$fp = fopen($tmpName, 'r');
$content = fread($fp, filesize($tmpName));
$content = addslashes($content);
fclose($fp);
if (!get_magic_quotes_gpc()) {
$fileName = addslashes($fileName);
}
$con = mysql_connect('localhost', 'username', 'password') or die(mysql_error());
$db = mysql_select_db('company', $con);
if ($db) {
$query = "INSERT INTO upload (name, size, type, content ) " .
"VALUES ('$fileName', '$fileSize', '$fileType', '$content')";
mysql_query($query) or die('Error, query failed');
mysql_close();
echo "<br>File $fileName uploaded<br>";
} else {
echo "file upload failed";
}
}
?>
and download.php
<?php
session_start();
// very basic check to see if user is logged in
if(!isset($_SESSION['MM_Username']))
{
// kill the script display warning.
die('Unauthorised accessed. You must be logged in to access this file');
}
// Has a file id been passed?
if(isset($_GET['upid']) && ctype_digit($_GET['upid']))
{
// fetch the file where the upid matches
$result = mysql_query('SELECT name, type, size, content FROM upload WHERE upid='.intval($_GET['upid']));
// query executed ok
if($result)
{
// get the files details
list($name, $type, $size, $content) = mysql_fetch_row($result);
// present file for download
header("Content-length: $size");
header("Content-type: $type");
header("Content-Disposition: attachment; name=$name");
echo $content;
exit;
}
}
?>