下载多个pdf文件点击zip一键

Question

我在文件夹中有一些pdf文件3_day_notice_fad_pdf。现在，我必须根据查询条件以zip格式下载pdf文件。

<?php 
include("connection.php"); 
extract($_REQUEST); 
$query=mysql_query("select fad_html_name from fad_record where t_id='$word'") or die(mysql_error()); 
while($result=mysql_fetch_array($query,MYSQL_ASSOC)) 
{ 
extract($result); 
$movies_id[] = "3_day_notice_fad_pdf/$fad_html_name"; 
} 
$movies_id = array(); 

//print_r($movies_id); 
    $zipname = 'file.zip'; 
    $zip = new ZipArchive; 
    $zip->open($zipname, ZipArchive::CREATE); 
    foreach ($movies_id as $file) { 
    $zip->addFile($file); 
    } 
    $zip->close(); 
    header('Content-Type: application/zip'); 
    header('Content-disposition: attachment; filename='.$zipname); 
    header('Content-Length: ' . filesize($zipname)); 
    readfile($zipname); 
    ?> 

Zip文件可以正常使用，但它下载所有存在于文件夹3_day_notice_fad_pdf的文件。它不符合条件，其中t_id ='$ word'查询。

Answer 1

你在这里做了几件坏事。

1. 不要直接向SQL传递查询字符串。它将导致SQL注入，并且您的应用程序将受到攻击。在这里看到：https://stackoverflow.com/a/60496/2520628

2. 你只是循环后清除文件阵列

更正代码：

<?php 
include("connection.php"); 
$word = $_REQUEST['word']; 
$query=mysql_query("select fad_html_name from fad_record where t_id='$word'") or die(mysql_error()); 
while($result=mysql_fetch_array($query,MYSQL_ASSOC)) 
{ 
$movies_id[] = "3_day_notice_fad_pdf/" . $result['fad_html_name']; 
} 

    $zipname = 'file.zip'; 
    $zip = new ZipArchive; 
    $zip->open($zipname, ZipArchive::CREATE); 
    foreach ($movies_id as $file) { 
    $zip->addFile($file); 
    } 
    $zip->close(); 
    header('Content-Type: application/zip'); 
    header('Content-disposition: attachment; filename='.$zipname); 
    header('Content-Length: ' . filesize($zipname)); 
    readfile($zipname); 
    ?>