上載，在PHP中查看PDF

Question

所以我正在爲我的網站上傳，查看文件，但似乎只有圖像和txt文件已準備好查看，PDF和word文檔甚至沒有顯示。有人可以告訴我如何改變這一點，以便我可以在瀏覽器中查看pdf和word文檔？

這裏是upload.php的：

<?php 
include_once 'dbconfig.php'; 
if(isset($_POST['btn-upload'])) 
{  

    $file = rand(1000,100000)."-".$_FILES['file']['name']; 
    $file_loc = $_FILES['file']['tmp_name']; 
    $file_size = $_FILES['file']['size']; 
    $file_type = $_FILES['file']['type']; 
    $folder="uploads/"; 

    // new file size in KB 
    $new_size = $file_size/1024; 
    // new file size in KB 

    // make file name in lower case 
    $new_file_name = strtolower($file); 
    // make file name in lower case 

    $final_file=str_replace(' ','-',$new_file_name); 

    if(move_uploaded_file($file_loc,$folder.$final_file)) 
    { 
     $sql="INSERT INTO tbl_files(file,type,size) VALUES('$final_file','$file_type','$new_size')"; 
     mysql_query($sql); 
     ?> 
     <script> 
     alert('successfully uploaded'); 
     window.location.href='index.php?success'; 
     </script> 
     <?php 
    } 
    else 
    { 
     ?> 
     <script> 
     alert('error while uploading file'); 
     window.location.href='index.php?fail'; 
     </script> 
     <?php 
    } 
} 
?> 

這裏是view.php（更新和工作）：

<?php 
    $file = 'uploads/.pdf'; 
    $filename = 'yolo.pdf'; 
    header('Content-type: application/pdf'); 
    header('Content-Disposition: inline; filename="' . $filename . '"'); 
    header('Content-Transfer-Encoding: binary'); 
    header('Accept-Ranges: bytes'); 
    @readfile($file); 
?> 

我只需要這是能夠查看任何PDF無必須在代碼中有一個特定的名稱：$filename = 'yolo.pdf';

我有一個PDF文件供用戶查看的列表。點擊查看按鈕時，是否有可能讀取數據庫中pdf文件的ID並將其存儲在將放置在代碼中的變量中？這種方式PHP將查看特定的文件，而不必更改每個文件的代碼...

我知道這聽起來有點混亂，所以任何問題只是說。

Answer 1

加上一個數字自動遞增的ID給你的表：

ALTER TABLE `tbl_files` 
    ADD `id` INT NOT NULL AUTO_INCREMENT FIRST, 
    ADD PRIMARY KEY (`id`) ; 

然後，而不是產生與rand(1000,100000)使用自動生成的ID作爲文件名隨機數。你得到插入後這個ID與mysql_insert_id：

upload.php

// [snip] 

// fetch original file extension 
$extension = pathinfo($final_file, PATHINFO_EXTENSION); 

$allowedExtensions = ["jpg", "jpeg", "png", "gif", "pdf", "doc", "docx"]; 

// check if the file extension is allowed 
if (! in_array($extension, $allowedExtensions)) 
{ 
    // report error and abort 
} 

// use a transaction to rollback the insert 
// in case move_uploaded_file fails 
mysql_query("BEGIN"); 

// insert file into database 
$sql = "INSERT INTO tbl_files(file,type,size) VALUES('".mysql_real_escape_string($final_file)."','".mysql_real_escape_string($file_type)."','".mysql_real_escape_string($new_size)."')"; 
mysql_query($sql); 

// fetch generated id 
$id = mysql_insert_id(); 

// move file to $folder and rename it to "$id.$extension" 
$fileMoved = move_uploaded_file($file_loc,$folder.$id.".".$extension); 

if ($fileMoved) 
    mysql_query("COMMIT"); 
else 
    // deletes file entry from the db 
    mysql_query("ROLLBACK"); 

我花時間來逃避添加到您的插入，以防止SQL注入。如果可以的話，你真的不應該再使用舊的mysql接口，而是切換到PDO和prepared statements。 view.php?id=1337

<?php 
    $id = filter_input(INPUT_GET, "id", FILTER_VALIDATE_INT); 

    if (! $id) 
     header("HTTP/1.1 400 Bad Request"); 

    $result = mysql_query("SELECT * FROM tbl_files WHERE id = ".$id); 
    // $id is of type int here, so no sql injection possible 

    if (! $result) 
     header("HTTP/1.0 404 Not Found"); 

    $file = mysql_fetch_assoc($result); 

    // fetch original file extension or store it the database 
    $extension = pathinfo($file["file"], PATHINFO_EXTENSION); 

    header('Content-type: application/pdf'); 
    header('Content-Disposition: inline; filename="' . $file["file"] . '"'); 
    header('Content-Transfer-Encoding: binary'); 
    header('Accept-Ranges: bytes'); 
    @readfile("uploads/$id.$extension"); 
?> 

如果您直接訪問文件是可能的，你應該使用它性能方面的原因：

// [snip] 

    // fetch original file extension or store it the database 
    $extension = pathinfo($file["file"], PATHINFO_EXTENSION); 

    // relocate to the pdf file to have apache/nginx/whatever 
    // serve the file instead of the php interpreter 
    header("Location: uploads/$id.$extension"); 

對於其他讀者：

使用id即成您的文件。如果你不不想授予直接訪問權限，但仍然關心性能，可以使用X-Sendfile來提供文件。 nginx本地提供了這個功能。對於Apache而言，有一個模塊可悲地不會出貨。

修復的最終腳本

<?php 
    include_once 'config_db.php'; 
    if(isset($_POST['btn-upload'])) 
    {  

     $allowedExtensions = ["jpg", "jpeg", "png", "gif", "pdf", "doc", "docx"]; 

     $file = $id."-".$_FILES['file']['name']; 
     $file_loc = $_FILES['file']['tmp_name']; 
     $file_size = $_FILES['file']['size']; 
     $file_type = $_FILES['file']['type']; 
     $folder="uploads/"; 

     // new file size in KB 
     $new_size = $file_size/1024; 
     // new file size in KB 

     // make file name in lower case 
     $new_file_name = strtolower($file); 
     // make file name in lower case 

     $final_file=str_replace(' ','-',$new_file_name); 
     $extension = pathinfo($final_file, PATHINFO_EXTENSION); 

     // check if the file extension is allowed 
     if (! in_array($extension, $allowedExtensions)) 
     { 
      // report error and abort 
      echo "<script>", 
       "alert('invalid file extension');", 
       "window.location.href='index.php?fail'", 
      "</script>"; 
     } 
     else 
     { 
      $sql = "INSERT INTO tbl_ficheiros(file,type,size) VALUES('".mysql_real_escape_string($final_file)."','".mysql_real_escape_string($file_type)."','".mysql_real_escape_string($new_size)."')"; 

      mysql_query($sql); 

      // fetch generated id 
      $id = mysql_insert_id(); 

      // move file to $folder and rename it to "$id.$extension" 
      $fileMoved = move_uploaded_file($file_loc,$folder.$id.".".$extension); 

      if ($fileMoved) 
      { 
       mysql_query("COMMIT"); 

       echo "<script>", 
        "alert('successfully uploaded');", 
        "window.location.href='index.php?success'", 
       "</script>"; 
      } 
      else 
      { 
       // deletes file entry from the db 
       mysql_query("ROLLBACK"); 

       echo "<script>", 
        "alert('error while uploading file');", 
        "window.location.href='index.php?fail'", 
       "</script>"; 
      } 
     } 
    } 
    ?> 

Answer 2

喜歡這個？ ：

<?php 
    include_once 'config_db.php'; 
    if(isset($_POST['btn-upload'])) 
    {  

     $allowedExtensions = ["jpg", "jpeg", "png", "gif", "pdf", "doc", "docx"]; 
     $file = $id."-".$_FILES['file']['name']; 
     $file_loc = $_FILES['file']['tmp_name']; 
     $file_size = $_FILES['file']['size']; 
     $file_type = $_FILES['file']['type']; 
     $folder="uploads/"; 

     // new file size in KB 
     $new_size = $file_size/1024; 
     // new file size in KB 

     // make file name in lower case 
     $new_file_name = strtolower($file); 
     // make file name in lower case 

     $final_file=str_replace(' ','-',$new_file_name); 
     $extension = pathinfo($final_file, PATHINFO_EXTENSION); 
     if(move_uploaded_file($file_loc,$folder.$final_file)) 
     { 
      $sql = "INSERT INTO tbl_ficheiros(file,type,size) VALUES('".mysql_real_escape_string($final_file)."','".mysql_real_escape_string($file_type)."','".mysql_real_escape_string($new_size)."')"; 
mysql_query($sql); 
      mysql_query($sql); 
     // fetch generated id 
$id = mysql_insert_id(); 

     // move file to $folder and rename it to "$id.$extension" 
$fileMoved = move_uploaded_file($file_loc,$folder.$id.".".$extension); 

     if ($fileMoved) 
      mysql_query("COMMIT"); 
      <script> 
       alert('successfully uploaded'); 
       window.location.href='index.php?success'; 
      </script> 
     else 
     // deletes file entry from the db 
      mysql_query("ROLLBACK"); 
     } 
    } 
    ?>