Bricktop Posted June 9, 2008 Share Posted June 9, 2008 Hi chaps, I'm doing something soooo wrong here but just cannot figure it out - any help greatly appreciated! OK, so I have 'download.php' in my web root which is: <?php require("config.php"); $sql = "UPDATE downloads SET count=(count + 1) WHERE name = '".$_GET['filename']."'"; $result = mysql_query($sql); $filename = downloads/$_GET['filename']/$_GET['filename']; header("Content-Type: application/force-download"); header("Content-Disposition: attachment; filename=\"".$filename.".zip\""); ?> What this is meant to do is update a counter under MySQL and then present a download dialog. All downloads are stored under "http://www.mysite.com/downloads/name_of_download/name_of_download.zip" Everything works as it should up till the download dialog. The filename which appears in the browser is ".zip[1]" - what have I done wrong please? PS - I am calling the download via "download.php?filename=blah" (I know this works because the MySQL field increment works correctly) Thanks in advance! Link to comment https://forums.phpfreaks.com/topic/109411-php-download-script/ Share on other sites More sharing options...
Bricktop Posted June 9, 2008 Author Share Posted June 9, 2008 OK, I forgot to use the PHP 'base' function. I now have: <?php require("config.php"); $sql = "UPDATE downloads SET count=(count + 1) WHERE name = '".$_GET['filename']."'"; $result = mysql_query($sql); $path = "downloads/".$_GET['filename']."/".$_GET['filename'].""; $filename = basename($path); header("Content-Type: application/force-download"); header("Content-Disposition: attachment; filename=\"".$filename.".zip\""); ?> The browser now brings up the correctly named file download dialog box, but when the file is saved to the hard drive it is empty - 0 bytes! Anyone know what I've down wrong? Link to comment https://forums.phpfreaks.com/topic/109411-php-download-script/#findComment-561220 Share on other sites More sharing options...
Orio Posted June 9, 2008 Share Posted June 9, 2008 Try using $path in your header instead of $filename. Also, you are risking yourself here. You are taking user input and placing it right inside a SQL query. This way, people can enter malicious inputs that can damage your database. This is a security hole, and it has to be fixed. There are tons of articles and tutorials about this issue, just google for it. Orio. Link to comment https://forums.phpfreaks.com/topic/109411-php-download-script/#findComment-561221 Share on other sites More sharing options...
PFMaBiSmAd Posted June 9, 2008 Share Posted June 9, 2008 The reason your file is empty is your code needs to read the file and output it to the browser. The readfile() function is commonly used to do this with one statement. Link to comment https://forums.phpfreaks.com/topic/109411-php-download-script/#findComment-561222 Share on other sites More sharing options...
Bricktop Posted June 9, 2008 Author Share Posted June 9, 2008 Thanks for your help and pointers chaps - I couldn't get it work so have opted for another route instead! Thanks anyway. Link to comment https://forums.phpfreaks.com/topic/109411-php-download-script/#findComment-561245 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.