在此页面上,用户从下拉列表中选择一些选项并收到可供下载的文件列表。下载每条记录旁边的超链接。当前,下载超链接下载的文件具有正确的文件名,因为它存在于数据库中,但文件内容不正确。更具体地说,似乎没有正确发送标头:文件的内容是来自 newpub_profile.php 的 html 标记
这是最新的代码:
newpub_profile.php
$q = "SELECT upload_id, title, genre, length, created
FROM upload
WHERE genre = '$genre' AND length = '$length'
ORDER BY created DESC, title DESC";
$r = mysqli_query ($dbc, $q); // Run the query
if($r)
{
// If it ran okay, display the records
echo '<table align="center"
cellspacing="3" cellpadding="3"
width="75%">
<tr><td align="left"><b>Title</b></td>
<td align="left"><b>Genre</b></td>
<td align="left"><b>Pages</b></td>
<td align="left"><b>Submitted</b></td>
<td align="left"><b>Download</b></td>';
// Fetch and print all the records:
while ($row = mysqli_fetch_array($r,MYSQLI_ASSOC))
{
echo '<tr><td align="left">' .
$row['title'] . '</td><td align="left">'
. $row['genre'] . '</td><td align="left">'
. $row['length'] . '</td><td align="left">'
. $row['created'] . '</td><td align="left">'
//. $row['views'] . '</td><td align="left">'
. "<a href='newpub_profile.php?id={$row['upload_id']}'>Download</a></td>" . '</td></tr>';
}
echo '</table>'; // Close the table
mysqli_free_result ($r); // Free up the resources
}
else // If it did not run okay
{
// Public Message:
echo '<p class="error">Your submissions could not be retrieved. We
apologize for any inconvenience.</p>';
// Debugging message:
echo '<p>' . mysqli_error($dbc) . '<br /><br />Query: ' . $q . '</p>';
} // End of if ($r) IF.
}
//END DOWNLOAD HANDLER ******************************************************
mysqli_close($dbc); // Close the database connection
?>
<?php
// Make sure an ID was passed DOWNLOAD HANDLER *******
if(isset($_GET['id'])) {
// Get the ID
$id = intval($_GET['id']); var_dump($id);
require_once ('../mysqli_connect.php'); //Connect to the db
// Fetch the file information
$downloadq = "
SELECT `file_type`, `size`, `title`, 'content', 'upload_id'
FROM `upload`
WHERE `upload_id` =".$id;
$result = mysqli_query ($dbc, $downloadq); // Run the query
if($result) {
// Make sure the result is valid
if (mysqli_num_rows($result) > 0) {
// Get the row
$row = mysqli_fetch_assoc($result);
//var_dump($row);
// Print headers
header("Content-Type: ". $row['type']);
header("Content-Length: ". $row['size']);
header("Content-Disposition: attachment; filename=". $row['title']);
// Print data
echo stripslashes($row['content']);
}
else {
echo 'Error! No such ID.';
}
// Free the mysqli resources
mysqli_free_result($result);
}
else {
echo "Error! Query failed: <pre>{$dbc->error}</pre>";
}
mysqli_close($dbc);
}
?>
newupload_sql.php
if(isset($_POST['upload']) && $_FILES['userfile']['size'] > 0) //check membership level here*******************************************
{
//------------------------------------------------------------------------------------------------
//$membercheck = "SELECT membership, uploaded
// FROM user
// WHERE user_id =". $_SESSION['user_id']; //gets membership level and upload count
//-----------------------------------------------------------------------------------------------
if($_FILES['userfile']['size'] > 2621440)
die("File larger than 2.5MB");
$mimeTypes = array('application/vnd.openxmlformats-officedocument.wordprocessingml.document',
'application/msword');
if (in_array($_FILES['userfile']['type'], $mimeTypes))
{
$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];
$oid = $_SESSION['user_id'];
$views = 0;
$fp = fopen($fileName, 'r');
$content = fread($fp, filesize($fileName));
$content = addslashes($content);
fclose($fp);
//if(!get_magic_quotes_gpc())
//{
// $fileName = addslashes($fileName);
//}
$query = "INSERT INTO upload (title, file_type, size, content, length, genre, created, views, description, owner_id) ".
"VALUES ('$fileName', '$fileType','$fileSize', '$content', '$length', '$genre', NOW(), '$views', '$description', '$oid')";
$r = @mysqli_query ($dbc, $query); //Run the query. or die('Error, query failed');
if($r)
{
require_once ('login_functions.php');
$url = absolute_url ('newupload_thanks.php');
header("Location: $url");
exit();
}
else //if it didnt run ok...
{
//Public message:
echo '<h1>System Error</h1>
<p class="error">You could not upload due to a system
error. We apologize.</p>';
//debugging message:
echo'<p>' . mysqli_error($dbc) . '<br /><br />Query: ' . $r .
'</p>';
} // End of ($r) IF. // File's OK
}
}
else
{
die("Wrong tile type: Use .doc, .docx or ONLY");
}
}mysqli_close($dbc); //Close the database connection.
?>