0

无法正确下载:无法打开链接。帮助表示赞赏。我是 PHP 和 MySQL 的新手。我已将内容的 MySQL 设置为 BLOB,但我不知道如何更清楚,我可以看到文件的链接,其中包含相应 id 到 url 中文件内容 $id 的链接,但是当我点击链接没有打开,我希望能够在browser中打开文件。我打算能够打开 .zip 文件并在以后的开发中提取。就安全性而言,还请详细解释一下,以便我学习。我看到我的代码是 mod,但仍然无法在数组链接中工作。

UPLOAD.PHP

<?php 
$dbname="upload";
$host="localhost";
$user="SELF";
$pass="PICME";
$link = mysql_connect($hostname, $user, $pass);
mysql_select_db($dbname, $link);
?>
<form method="post" enctype="multipart/form-data">
   <table width="350" border="0" cellpadding="1" cellspacing="1" class="box">
      <tr> 
         <td width="246">
            <input type="hidden" name="MAX_FILE_SIZE" value="2000000">
            <input name="userfile" type="file" id="userfile"> 
         </td>
         <td width="80"><input name="upload" type="submit" class="box" id="upload" value=" Upload "></td>
      </tr>
   </table>
</form>
<?php
if(isset($_POST['upload']) && $_FILES['userfile']['size'] > 0)
{
$fileName = $_FILES['userfile']['name'];
$tmpName  = $_FILES['userfile']['tmp_name'];
$fileType = $_FILES['userfile']['type'];
$fileSize = $_FILES['userfile']['size'];
$fp      = fopen($tmpName, 'r');
$content = fread($fp, filesize($tmpName));
$content = addslashes($content);
fclose($fp);
if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
}
$query = "INSERT INTO upload (name, type, size, content) ".
"VALUES ('$fileName', '$fileType', '$fileSize', '$content')";
mysql_query($query) or die('Error, query failed'); 
echo "<br>File $fileName uploaded<br>";
} 
?>'
(DOWNLOAD.PHP)FILE
'<?php
$dbname="upload";
$host="localhost";
$user="SELF";
$pass="PICME";
$link = mysql_connect($hostname, $user, $pass);
mysql_select_db($dbname, $link);
$query = "SELECT id, name FROM upload";
$result = mysql_query($query) or die('Error, query failed');
if(mysql_num_rows($result) == 0)
{
echo "Database is empty <br>";
} 
else
{
while(list($id, $name) = mysql_fetch_array($result))
{
?>
<a href="download.php?id=<?php echo urlencode($id);?>"><?php echo urlencode($name);?></a> <br>
<?php 
}
}
exit;
?>
<?php
$dbname="upload";
$host="localhost";
$user="SELF";
$pass="PICME";
$link = mysql_connect($hostname, $user, $pass);
mysql_select_db($dbname, $link);
$query = "SELECT id, name FROM upload";
if(isset($_GET['id'])) 
{
// if id is set then get the file with the id from database
$id    = $_GET['id'];
$query = "SELECT name, type, size, content " .
"FROM upload WHERE id = '$id'";
$result = mysql_query($query) or die('Error, query failed');
list($name, $type, $size, $content) =                     mysql_fetch_array($result);
$content = $row['content']; 
header("Content-Disposition: attachment; filename=$name");
header('Content-type: image/jpeg' . $type); // 'image/jpeg' for JPEG images
header('Content-Length:' . $size);
exit;
print $content;
ob_clean();
flush();
echo $content;
}
?>
4

1 回答 1

0

似乎您在上传和下载时为 JPEG 设置 Mimetype 时没有验证文件的 Mime 类型。请确保您上传的文件格式正确。此外,在从 DB 检索时,id 被 urlencoded 但未解码。

于 2012-12-30T00:14:12.983 回答