March 14, 2012

displaying pdf files stored in myql database PHP

Question by Samer El Gendy

i am trying to display pdf files stored in mysql database in the browser when the user request to.

structure of the mysql table: 
`id` Int Unsigned Not Null Auto_Increment,
`name` VarChar(255) Not Null Default 'Untitled.txt',
`mime` VarChar(50) Not Null Default 'text/plain',
`size` BigInt Unsigned Not Null Default 0,
`data` MediumBlob Not Null,
`created` DateTime Not Null,
php code: 
$query = "
            SELECT `type`, `name`, `size`, `data`, `mime`
            FROM `file`
            WHERE `id` = {$id}";
        $result = $dbLink->query($query);
        if($result) {
            // Make sure the result is valid
            if($result->num_rows == 1) {
            // Get the row
                $row = mysqli_fetch_assoc($result);
                // Print headers
                header('Accept-Ranges: bytes');
                header('Content-Transfer-Encoding: binary');
                header("Content-Type: ".$row['mime']);
                header("Content-Length: ".$row['size']);
                header("Content-Disposition: inline; filename=".$row['name']);
                echo $row['data'];
code to save file to database:
if(isset($_FILES['uploaded_file'])) {
    // Make sure the file was sent without errors
    if($_FILES['uploaded_file']['error'] == 0) {
        // Connect to the database
        $dbLink = new mysqli('localhost', 'REDACTED',"REDACTED", 'pdfs');
        if(mysqli_connect_errno()) {
            die("MySQL connection failed: ".mysqli_connect_error());

        // get all required data
        $name = $dbLink->real_escape_string($_FILES['uploaded_file']['name']);
        $type = $dbLink->real_escape_string($_FILES['uploaded_file']['type']);
        $data = $dbLink->real_escape_string(file_get_contents($_FILES  ['uploaded_file']['name']));
        $size = intval($_FILES['uploaded_file']['size']);

        // Create the SQL query
        $query = "
            INSERT INTO `file` (
                `name`, `type`, `size`, `data`, `created`
            VALUES (
                '{$name}', '{$type}', {$size}, '{$data}', NOW()

        // Execute the query
        $result = $dbLink->query($query);

        // Check if it was successfull
        if($result) {
            echo 'Success! Your file was successfully added!';
        else {
            echo 'Error! Failed to insert the file'
               . "<pre>{$dbLink->error}</pre>";

however, when i try to view a pdf, adobe reader start loading and then i get this error massage: the file is damaged and could not be repaired.
am i doing something wrong?

Answer by Starx

Frankly, I don’t like this way at all.


Keep it Short & Simple

Whatever you are trying to do, there is better way of doing it.

  1. If security is the problem you have .htaccess and access roles
  2. If file handling is the problem you have PHP.
  3. If protected download is a problem then again with the combination of PHP and its session handling, you can do it.
  4. If viewing is the problem you have browser that.
  5. If you want to force download the file, then PHP’s header tags is enough.

Please fill the form - I will response as fast as I can!