file upload in php to mysql

Question

I am trying to make a simple file upload from php to mysql and downloading it back but i keep to seem on running into a problem, but I can't figure it out. The picture that I try to upload in this form creates some content in the blob column but on download widows viewer gives and error of no preview available

Here's the code for the form

<form enctype="multipart/form-data" method="post" action="upload.php">
Choose your file <input name="file" type="file">
<input type="submit" >
</form>

Here's the code for upload.php

include('connect.php');
$actualname=$_FILES['file']['name'];
$type=$_FILES['file']['type'];
$name  = $_FILES['file']['tmp_name'];
$size = $_FILES['file']['size'];

$fresource=fopen($name,'r');
$content=fread($fresource,filesize($name));;
$content=addslashes($content);
fclose($fresource);

$query='INSERT INTO `files` (Name,Content,Type,Size) VALUES ("'.$actualname.'","'.$content.'","'.$type.'","'.$size.'")';
echo $query;
$var=mysql_query($query,$con);

and here's the code for download.php

include('connect.php');
$query='SELECT * FROM `files` WHERE ID="2"';
$res=mysql_query($query,$con);
$var=mysql_fetch_array($res);
header("Content-length: ".$var[4]);
header("Content-type: ".$var[3]);
header("Content-Disposition: attachment; filename=".$var[1]);
echo $var[1];

Any help would be much appreciated

The files table has the ID,Name,Content,Type,Size columns in the same order

Answer 1

DONT USE MYSQL_*

also addslashes() is a terrible and falible way to secure your code. As it is the code is susceptible to SQL injection.

i'm assuming that your database is

id name content type size

so change the last line to

echo stripslashes($var[2]);

since

0 => id,
1 => name,
2 => content,

and you added slashes to the content... so now you need to remove em.