I'm working on this application that reads confidential documents stored in the Blob of my Oracle 11g Database. What I have implemented so far is a php page that queries for all available blobs in the table and prints href's like this:
<html>
<head>
</head>
<body>
<?php
$i = 1;
echo "Welcome User!</br>";
$conn = OCILogon("abc","abc","abc_server");
$qry = "select id from some_table order by ID";
$stmt = ociparse ($conn,$qry);
OCIDefineByName($stmt,"ID",$id);
OCIExecute($stmt);
while ( $row = OCI_Fetch_Array($stmt, OCI_ASSOC+OCI_RETURN_LOBS) ) {
print "<a href = 'readMe.php?id=$id' target='_blank'>Document $i</a></br>";
$i = $i+1;
}
?>
</body>
</html>
readMe.php
<?php
session_start();
$id = $_GET[id];
$conn = OCILogon("abc","abc","abc_server");
$qry = "select doc_file,doc_name from some_table where ID =".$id;
//echo $qry;
$stmt = ociparse ($conn,$qry);
OCIDefineByName($stmt,"DOC_FILE",$blobFile);
OCIDefineByName($stmt,"DOC_NAME",$blobFileName);
OCIExecute($stmt);
while ($row = OCI_Fetch_Array($stmt, OCI_ASSOC+OCI_RETURN_LOBS))
{
$a = $row['DOC_FILE'];
}
header('Content-type: application/pdf');
header('Content-Disposition: inline; filename="' . $blobFileName . '"');
header('Content-Transfer-Encoding: binary');
header('Accept-Ranges: bytes');
print $a;
?>
The problem is that it produces this URL:
http://999.999.999.888/Some_work/ReadBlob/readMe.php?id=47
That is, the ID of every document in the browser. How can I avoid this? I tried using $_POST but it didn't open the document. ANy help would be highly appreciated.
