-2

このページで、ユーザーはドロップダウンからいくつかのオプションを選択し、ダウンロード可能なファイルのリストを受け取ります。各レコードの横にあるハイパーリンクをダウンロードします。現在、ダウンロードハイパーリンクは、データベースに存在する正しいファイル名のファイルをダウンロードしますが、ファイルの内容が正しくありません。具体的には、ヘッダーが正しく送信されていないようです。ファイルの内容は、newpub_profile.phpからのhtmlマークアップです。

これは最新のコードです:

newpub_profile.php

       $q = "SELECT upload_id, title, genre, length, created
        FROM upload
        WHERE genre = '$genre' AND length = '$length'
        ORDER BY created DESC, title DESC";


    $r = mysqli_query ($dbc, $q); // Run the query

    if($r)
    {
        // If it ran okay, display the records
        echo '<table align="center"
            cellspacing="3" cellpadding="3"
            width="75%">
           <tr><td align="left"><b>Title</b></td>
           <td align="left"><b>Genre</b></td>
           <td align="left"><b>Pages</b></td>
           <td align="left"><b>Submitted</b></td>
           <td align="left"><b>Download</b></td>';

        // Fetch and print all the records:

        while ($row = mysqli_fetch_array($r,MYSQLI_ASSOC))
        {
            echo '<tr><td align="left">' .
            $row['title'] . '</td><td align="left">'
            . $row['genre'] . '</td><td align="left">'
            . $row['length'] . '</td><td align="left">'
            . $row['created'] . '</td><td align="left">'
            //. $row['views'] . '</td><td align="left">'
            . "<a href='newpub_profile.php?id={$row['upload_id']}'>Download</a></td>" . '</td></tr>';
        }
        echo '</table>'; // Close the table

        mysqli_free_result ($r); // Free up the resources
    }
    else // If it did not run okay
    {
        // Public Message:

        echo '<p class="error">Your submissions could not be retrieved.  We
            apologize for any inconvenience.</p>';

        // Debugging message:

        echo '<p>' . mysqli_error($dbc) . '<br /><br />Query: ' . $q . '</p>';

    } // End of if ($r) IF.



}

//END DOWNLOAD HANDLER ******************************************************


    mysqli_close($dbc); // Close the database connection

?>
                    <?php

                    // Make sure an ID was passed DOWNLOAD HANDLER *******
if(isset($_GET['id'])) {
// Get the ID
    $id = intval($_GET['id']); var_dump($id);


    require_once ('../mysqli_connect.php'); //Connect to the db



        // Fetch the file information
        $downloadq = "
            SELECT `file_type`, `size`, `title`, 'content', 'upload_id'
            FROM `upload`
            WHERE `upload_id` =".$id;
        $result = mysqli_query ($dbc, $downloadq); // Run the query


        if($result) {
            // Make sure the result is valid
            if (mysqli_num_rows($result) > 0) {
            // Get the row
                $row = mysqli_fetch_assoc($result);
                //var_dump($row);

                // Print headers
                header("Content-Type: ". $row['type']);
                header("Content-Length: ". $row['size']);
               header("Content-Disposition: attachment; filename=". $row['title']);


                // Print data
                echo stripslashes($row['content']);
            }
            else {
                echo 'Error! No such ID.';
            }

            // Free the mysqli resources
            mysqli_free_result($result);
        }
        else {
            echo "Error! Query failed: <pre>{$dbc->error}</pre>";
        }
        mysqli_close($dbc);
    }

                    ?>

newupload_sql.php

        if(isset($_POST['upload']) && $_FILES['userfile']['size'] > 0) //check membership level here*******************************************
{
  //------------------------------------------------------------------------------------------------
    //$membercheck = "SELECT membership, uploaded
                   // FROM user
                   // WHERE user_id =". $_SESSION['user_id'];  //gets membership level and upload count

   //-----------------------------------------------------------------------------------------------

    if($_FILES['userfile']['size'] > 2621440)
        die("File larger than 2.5MB");

       $mimeTypes = array('application/vnd.openxmlformats-officedocument.wordprocessingml.document',
'application/msword');

    if (in_array($_FILES['userfile']['type'], $mimeTypes))
      {
$fileName = $_FILES['userfile']['name'];
$tmpName  = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];
$oid = $_SESSION['user_id'];
$views = 0;


$fp      = fopen($fileName, 'r');
$content = fread($fp, filesize($fileName));
$content = addslashes($content);
fclose($fp);

//if(!get_magic_quotes_gpc())
//{
  //  $fileName = addslashes($fileName);
//}

$query = "INSERT INTO upload (title, file_type, size, content, length, genre, created, views, description, owner_id) ".
"VALUES ('$fileName', '$fileType','$fileSize', '$content', '$length', '$genre', NOW(), '$views', '$description', '$oid')";
$r = @mysqli_query ($dbc, $query); //Run the query. or die('Error, query failed');

if($r)
{

        require_once ('login_functions.php');
        $url = absolute_url ('newupload_thanks.php');
        header("Location: $url");
        exit();
}

            else //if it didnt run ok...
            {
                //Public message:
                echo '<h1>System Error</h1>
                <p class="error">You could not upload due to a system
                error.  We apologize.</p>';

                //debugging message:

                echo'<p>' . mysqli_error($dbc) . '<br /><br />Query: ' . $r .
                '</p>';

            } // End of ($r) IF. // File's OK
    }

}
  else
    {
        die("Wrong tile type: Use .doc, .docx or ONLY");

    }



}mysqli_close($dbc); //Close the database connection.
?>
4

3 に答える 3

2

Are you sure it is downloading the page itself? From the looks of it your issue is that you are not building the header correctly. Your SQL query and var_dump indicates that you are fetching a title but you use name for filename of the download offer (actually making the code send a header with empty filename.

I'd suggest you verify that your code uses the actual column name. i.e.:

header("Content-Disposition: attachment; filename=". $row['title']);
于 2012-05-17T00:57:13.870 に答える
1

あなたはこれらを持っています

$fileName = $_FILES['userfile']['name'];
$tmpName  = $_FILES['userfile']['tmp_name'];

$tmpNameの名前を$filenameに変更/移動する必要があります

編集済み

この move_uploaded_file()を確認してください

または、次のブロックで$fileNameを$tmpNameに変更します

$fp      = fopen($fileName, 'r');
$content = fread($fp, filesize($fileName));
$content = addslashes($content);
fclose($fp);
于 2012-05-17T01:51:45.160 に答える
1

行がありません['名前']あなたは行['タイトル']を意味します

于 2012-05-17T01:00:46.810 に答える