Download in PHP

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
clover
Forum Newbie
Posts: 2
Joined: Fri Apr 07, 2006 3:23 am

Download in PHP

Post by clover »

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Hi, 

   I am newbie in PHP and currently working for an e document management systems. I faced some problem in the download coding that i did. The problems are:

1. After i uploaded a document, i click on the link, it will open automatically, without let user to save that file.
2. Only .txt file can be open and all the characters can be see and read clearly. Other file types such as .doc, .jpg, it only can see those weird characters. 

Is that anything wrong with my download codes below?

Code: Select all

<?php 
error_reporting(E_ALL); 
if(isset($_GET['id'])) 
{ 
include 'db_connect.php'; 

    $id      = $_GET['id']; 
    $query   = "SELECT name, type, size, path FROM upload2 WHERE id = '$id'"; 
    $result  = mysql_query($query) or die('Error, query failed'); 
    list($name, $type, $size, $filePath) = mysql_fetch_array($result); 

   // header("Content-Disposition: attachment; filename=$name"); 
   // header("Content-length: $size"); 
   // header("Content-type: $type"); 
     
    readfile($filePath); 
    
    exit; 
} 

?> 

<html> 
<head> 
<title>Download File From MySQL</title> 
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> 
</head> 

<body> 
<form action="" method="post" name="form1" target="_self">
  <?php 
include 'db_connect.php';

$query  = "SELECT id, name FROM upload2"; 
$result = mysql_query($query) or die('Error, query failed'); 
if(mysql_num_rows($result) == 0) 
{ 
    echo "Database is empty <br>"; 
}  
else 
{ 
    while(list($id, $name) = mysql_fetch_array($result)) 
    { 
?>
    <a href="download.php?id=<?=$id;?>"><?=$name;?></a> <br> 
  </a> <br>
  <?php         
    } 
} 

?>
</form>
</body> 
</html>
Please help me out, thanks alot.


feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

If no content-type is specified in the headers, php will generally default it to text/html. I see you've commented out a header call that would set the header. In fact, all three headers you've commented out are needed for this.

As an aside, your SQL is open to SQL Injection.
clover
Forum Newbie
Posts: 2
Joined: Fri Apr 07, 2006 3:23 am

Post by clover »

Hi feyd, thanks for the correction of my previous post.

I got some error messages for the header part as below:

Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\www\edocmansys\admin\new\main\db_connect.php:23)

Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\www\edocmansys\admin\new\main\db_connect.php:23)

Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\www\edocmansys\admin\new\main\db_connect.php:23)

May i know what is cause of those errors and how should i correct it so that it can work properly?

And, what do you meant by "SQL is open to SQL Injection" ? Can you explain more on this?

Thanks for helping.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

clover wrote:headers already sent
viewtopic.php?t=1157
clover wrote:And, what do you meant by "SQL is open to SQL Injection" ? Can you explain more on this?
http://www.google.com/search?q=sql+inje ... etwork.net
Post Reply