Help with file upload/download

[rohan112287]

Hello Friends,

I have a question. I made an uploading page which uploads the files to database and download page where the files can be viewed.
In my upload page there is a dropdownlist containing 4 options. I uploaded files based on the dropdownlist. My options in the dropdown are A,AA,AACC,AAME,AAN which are listed under company. My question is;
If I select A option in my dropdownlist and upload files , in the download page i shud be able to view all the A files that are uploaded.
If I select AA option in my dropdownlist and upload files , in the download page i shud be able to view all the AA files that are uploaded.

How can i do this. If i am not wrong it is like input of uploading page shud be the query of download page if m not wrong??..

I have created ID,TITLE,CODE,DESCRIPTION,FILE ,DATE and COMPANY fields in my database. I have tried it. I am able to upload files also in my database. But as i click the download link it's showing 'No file found' from the download.php page. Please help me guys.
My codes for upload page and download page are below.
//secondpage.php

 <?php
   error_reporting (E_ALL ^ E_NOTICE);
  $form = "<form action='secondpage.php' method='POST' enctype='multipart/form-data'>
 
  <table align='center'>
    <tr>
      <td>Title:</td>
      <td><input type='text' name='title' /></td>
    </tr>
    <tr>
      <td>Description:</td>
      <td><textarea name='description' cols='35' rows='5'></textarea></td>
    </tr>
    <tr>
     <td>company:</td>
     <td><select name=company id=company>
       <option value='A'>A</option>
       <option value='AA'>AA</option>
  <option value='AACC'>AACC</option>
  <option value='AAME'>AAME</option>
  <option value='AAN'>AAN</option>
     </select></td>
    </tr>	
    <tr>
      <td></td>
      <td><input type='file' name='myfile' /></td>
    </tr>
	    <tr>
      <td></td>
      <td><input type='submit' name='submitbutton' value='Submit' /></td>
    </tr>
  </table>
</form>";
    if($_POST['submitbutton'])
    {
    $title = $_POST['title'];
    $description = $_POST['description'];
	$company = $_POST['company'];
    $name = $_FILES['myfile']['name'];
    $type = $_FILES['myfile']['type'];
    $size = $_FILES['myfile']['size'];
    $tmpname = $_FILES['myfile']['tmp_name'];
    $ext = substr($name, strrpos($name, '.'));
    if($name)
    {
    if($title && $description)
            
            {
    require("connect.php");
                $date = date("M-d-Y");
                
                $charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
                $length = 15;
                $code = "";
                for ($i = 0; $i <= $length; $i++)
                {
                
                 $rand = rand() % strlen($charset);
                 $tmp = substr($charset, $rand, 1);
                 $code.= $tmp;
                
                }
                $query = mysql_query("SELECT code FROM files WHERE code='$code'");
                $numrows = mysql_num_rows($query);
                
                
                while($numrows != 0)
                {
                
                    for ($i = 0; $i <= $length; $i++)
                {
                
                 $rand = rand() % strlen($charset);
                 $tmp = substr($charset, $rand, 1);
                 $code.= $tmp;
                
                }
                
                $query = mysql_query("SELECT code FROM files WHERE code='$code'");
                $numrows = mysql_num_rows($query);
                
                }
                        
            mkdir("files/$code");    
                
            move_uploaded_file($tmpname, "files/$code/"."$name");    
                
            $file = "$name";    
    $query = mysql_query("INSERT INTO files VALUES ('', '$title', '$code','$description', '$name','$date', '$company')");
         echo "Your file has been uploaded.<br><br><a href='download.php?code=$code&$company'>Download File</a>";
        }
        else
         echo "You did not fill in the form completely.$form ";
    }
    else
    echo "You did not select a file.$form ";
    }
    else
    echo "$form";
    ?>

//download.php
 <?php
    //echo "<title></title>";
	error_reporting (E_ALL ^ E_NOTICE);
	$code = "";
    $code = $_GET['code'];
    if ($code)
    {
    require("connect.php");
    $query = mysql_query("SELECT * FROM files WHERE company='". $_GET['company']."'");
    $numrows = mysql_num_rows($query);
    if($numrows == 1)
    {
    $row = mysql_fetch_assoc($query);
    $id = $row['id'];
    $title = $row['title'];
    $file = $row['file'];
    $description = $row['description'];
    $date = $row['date'];
	$company = $row['company'];
    echo "<title>$title - File Upload</title>";
    echo "<center><h1>Company Reports</h1></center><br>";
    echo "<div style ='background-color: #efefef; width: 500px; margin-left: auto; margin-right: auto; padding: 8px;'><a href='files/$code/$file'>$title</a>
    <br><br>
    <left>$description</left>
    </div>";
    }
    else
    echo "No file was found.";
    }
    else
    {
    echo "please upload a file.<br><br>";
    require ("secondpage.php");
    }
    ?>
	
    

[jacek]

Well, if you are inserting the value of this drop down box into the database then you can do a select based on it. so the SQL to get all of AA's files would be

SELECT `file` FROM `table_name` WHERE `company` = 'AA'

It looks like you have the company name on your downoads page too ($_GET['company']), so you could use that in place of AA here.

A few other things, you should really look into SQL injection since your current code is not very secure. Also, using a functions would make everything a lot more organised.