4

我使用以下代码和函数来强制下载文件,如果文件名不包含瑞典语字符(如Å Ä Ö.

$file_id = $_GET['f'];

$sql =  " SELECT * ".
            " FROM attachment ".
            " WHERE attachment_id = ".$file_id." ".

            $res = mysql_query($sql);
            $row = mysql_fetch_array($res);
            $filename = $row['filename'];
            $USER_ID = $row['user_id'];
            $Directory_id = $row['directory_id'];
            $target_path = "upload/".$USER_ID."/".$Directory_id."/";


function Download($path, $speed = null)
{
    if (is_file($path) === true)
    {
        $file = @fopen($path, 'rb');
        $speed = (isset($speed) === true) ? round($speed * 1024) : 524288;

        if (is_resource($file) === true)
        {
            set_time_limit(0);
            ignore_user_abort(false);

            while (ob_get_level() > 0)
            {
                ob_end_clean();
            }

            header('Expires: 0');
            header('Pragma: public');
            header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
            header('Content-Type: application/octet-stream');
            header('Content-Length: ' . sprintf('%u', filesize($path)));
            header('Content-Disposition: attachment; filename="' . basename($path) . '"');
            header('Content-Transfer-Encoding: binary');

            while (feof($file) !== true)
            {
                echo fread($file, $speed);

                while (ob_get_level() > 0)
                {
                    ob_end_flush();
                }

                flush();
                sleep(1);
            }

            fclose($file);
        }

        exit();
    }

    return false;

    }
Download($target_path.$filename);

我试图把它放在我的页面顶部:

<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>

和:

$filename = urlencode($filename);

或者:

$filename =  htmlentities($filename, ENT_QUOTES, "UTF-8");

但是还是同样的问题,我打不开。但是,如果文件名包含正常的英文字符,那么它可以正常工作。

您有什么建议我可以在该功能中放置或实现什么?您可以提供的任何帮助将不胜感激。

4

1 回答 1

0

确保您的 html 文档中有 utf8 编码(<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>)

尝试更换

$filename = $row['filename'];


$filename = iconv("UTF-8", "ISO-8859-1//TRANSLIT", $row['filename']);

所以你的代码看起来像:

$file_id = $_GET['f'];

$sql =  " SELECT * ".
            " FROM attachment ".
            " WHERE attachment_id = ".$file_id." ".

            $res = mysql_query($sql);
            $row = mysql_fetch_array($res);
            $filename = iconv("UTF-8", "ISO-8859-1//TRANSLIT", $row['filename']);   
            $USER_ID = $row['user_id'];
            $Directory_id = $row['directory_id'];
            $target_path = "upload/".$USER_ID."/".$Directory_id."/";

但是为了它。不要使用 mysql() 函数。使用 mysqli 或 PDO 代替占位符。您的代码广泛用于 sql 注入攻击。

于 2014-05-10T06:42:25.933 回答