# Download Links



## MDub2112 (Apr 13, 2005)

OK here's my scenario...

I've got an Intranet site to which I have users uploading files to a folder above the docroot via PHP/MySQL.

Docroot is /var/www/html
Upload folder is /var/www/uploads

Once the user fills out the form, of course, items such as id, title, path, file, type, and size are then set in the dbase. That all works.

The link I'm using to provide a download link is

```
echo "[URL=download.php?id={$depot[]
               {$depot['title']}
                [/URL]";
```
My download.php script is as follows

```
<?PHP
include_once('db_depot.php');
$handle = db_connect();
$file = $_GET['id'];
$query = "select id, path, file, type, size from depot where id = $file";
$result = $handle->query($query);
  if (!$result) 
  {
    echo "There was a database error when executing $query";
    echo mysqli_error();
    exit;
  }
  if ($file = $result->fetch_assoc()) 
	{
	$file = $file['file'];
	$type = $file['type'];
	$size = $file['size'];
	$path = $file['path'];
	$filepath = $path . $file;

	header('Content-type: ' . $type);
	header('Content-Disposition: attachment; filename="' . $file . '"');
	readfile($filepath);
	}
exit;
?>
```
Now, everything SEEMS to work; however, even though the file download has the correct name, it appears more as if the system is creating a file on the fly using the filename from the dbase instead of sending the file that is in the uploads folder. I'll click a link to download a file that I know is an image and open it up with MS Image Viewer and it comes up with "No preview available". MS Word or Excel files come up all garbled and the only readable information I get from them is the header info.

What's Am I doin' wrong? Can I download files from a folder above the docroot?
If not, has anyone ever used the database to store the files (don't want the files to get uploaded to a location viewable by everyone as this will eventually go on the web for client use.


----------

