php
2010-09-19 114 views 0 likes 
0

我有这个脚本的下载代码的问题,我已经修改它,并添加其他功能,它的工作。只是脚本的下载部分不起作用,我会提供所有文件的完整代码。文件或图像上传php问题

upload.php的

<?php 
require_once 'dbc.php'; 
page_protect(); 

$client_ID = mysql_query("SELECT id 
    FROM clients WHERE user_name='".$_SESSION['user_name']."'")or die(mysql_error()); 
$client_ID = mysql_fetch_array($client_ID); 
$client_ID = $client_ID['id']; 


$uploadDir = 'uploads/'; 

if(isset($_POST['upload'])) 
{ 
$fileName = $_FILES['userfile']['name']; 
$tmpName = $_FILES['userfile']['tmp_name']; 
$fileSize = $_FILES['userfile']['size']; 
$fileType = $_FILES['userfile']['type']; 

$filePath = $uploadDir . $fileName; 

$result = move_uploaded_file($tmpName, $filePath); 
if (!$result) { 
echo "Error uploading file"; 
exit; 
} 

$hostname_conndb = "localhost"; 
$database_conndb = "uploads"; 
$username_conndb = "root"; 
$password_conndb = ""; 
$conndb = mysql_connect($hostname_conndb, $username_conndb, $password_conndb) or trigger_error(mysql_error(),E_USER_ERROR); 

if(!get_magic_quotes_gpc()) 
{ 
$fileName = addslashes($fileName); 
$filePath = addslashes($filePath); 
} 

$date = date('Y-m-d H:i:s'); 

$sql = "INSERT INTO upload2 (name, client, size, type, path, date) ". 
"VALUES ('$fileName', '$client_ID', '$fileSize', '$fileType', '$filePath', '$date')"; 
mysql_select_db($database_conndb, $conndb); 
$result = mysql_query($sql, $conndb) or die(mysql_error()); 

echo "<br>File $fileName uploaded<br>"; 

} 
?> 
<html> 
<head> 
<title>Download File From MySQL</title> 
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> 
<link href="styles.css" rel="stylesheet" type="text/css"> 
</head> 

<body> 
<?php 
$hostname_conndb = "localhost"; 
$database_conndb = "uploads"; 
$username_conndb = "root"; 
$password_conndb = ""; 
$conndb = mysql_connect($hostname_conndb, $username_conndb, $password_conndb) or trigger_error(mysql_error(),E_USER_ERROR); 

$sql = "SELECT * FROM upload2 WHERE client='".$client_ID."' ORDER BY date DESC"; 
mysql_select_db($database_conndb, $conndb); 
$result = mysql_query($sql, $conndb) or die(mysql_error()); 
$rows = mysql_fetch_assoc($result); 
$total_rows = mysql_num_rows($result); 
?> 
Welcome <?php echo $_SESSION['user_name'];?> 
<form method="post" enctype="multipart/form-data"> 
<table width="350" border="0" cellpadding="1" cellspacing="1" class="box"> 
<tr> 
<td width="246"> 
<input type="hidden" name="MAX_FILE_SIZE" value="2000000"> 
<input name="userfile" type="file" id="userfile"> 
</td> 
<td width="80"><input name="upload" type="submit" class="box" id="upload" value=" Upload "></td> 
</tr> 
</table> 
</form> 

<?php if($total_rows > 0) { ?> 
      <table border="0" cellpadding="0" cellspacing="0" id="tbl_repeat"> 
     <tr> 
      <th scope="col">FIle/Image Name</th> 
      <th scope="col" style="width:15%">Date</th> 
      <th scope="col" style="width:10%">Size</th> 
      <th scope="col" style="width:10%">Download</th> 
     </tr> 
     <?php do { ?> 
     <tr> 
      <td><?php echo $rows['name']; ?></td> 
      <td><?php echo $rows['date']; ?></td> 
      <td><?php echo $rows['size']; ?></td> 
      <td><a href="downloads.php?id=<?php echo $rows['id']; ?>">Download</a></td> 
     </tr> 
     <?php } while($rows = mysql_fetch_assoc($result)); ?> 
     </table> 
     <?php } else { echo "<p class="warn">Sorry there are no records available.</p>"; } ?> 
<p><br /> 
    <a href="logout.php">Logout </a></p> 
</body> 
</html>

此代码工作正常。下载代码:downloads.php

<?php 
require_once 'dbc.php'; 
page_protect(); 

$client_ID = mysql_query("SELECT id 
    FROM clients WHERE user_name='".$_SESSION['user_name']."'")or die(mysql_error()); 
$client_ID = mysql_fetch_array($client_ID); 
$client_ID = $client_ID['id']; 


$uploadDir = 'uploads/'; 

if(isset($_POST['upload'])) 
{ 
$fileName = $_FILES['userfile']['name']; 
$tmpName = $_FILES['userfile']['tmp_name']; 
$fileSize = $_FILES['userfile']['size']; 
$fileType = $_FILES['userfile']['type']; 

$filePath = $uploadDir . $fileName; 

$result = move_uploaded_file($tmpName, $filePath); 
if (!$result) { 
echo "Error uploading file"; 
exit; 
} 

$hostname_conndb = "localhost"; 
$database_conndb = "uploads"; 
$username_conndb = "root"; 
$password_conndb = "qaasim11"; 
$conndb = mysql_connect($hostname_conndb, $username_conndb, $password_conndb) or trigger_error(mysql_error(),E_USER_ERROR); 

if(!get_magic_quotes_gpc()) 
{ 
$fileName = addslashes($fileName); 
$filePath = addslashes($filePath); 
} 

$date = date('Y-m-d H:i:s'); 

$sql = "INSERT INTO upload2 (name, client, size, type, path, date) ". 
"VALUES ('$fileName', '$client_ID', '$fileSize', '$fileType', '$filePath', '$date')"; 
mysql_select_db($database_conndb, $conndb); 
$result = mysql_query($sql, $conndb) or die(mysql_error()); 

echo "<br>File $fileName uploaded<br>"; 

} 
?> 

<html> 
<head> 
<title>Download File From MySQL</title> 
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> 
<link href="styles.css" rel="stylesheet" type="text/css"> 
</head> 

<body> 
<?php 
$hostname_conndb = "localhost"; 
$database_conndb = "uploads"; 
$username_conndb = "root"; 
$password_conndb = ""; 
$conndb = mysql_connect($hostname_conndb, $username_conndb, $password_conndb) or trigger_error(mysql_error(),E_USER_ERROR); 

$sql = "SELECT * FROM upload2 WHERE client='".$client_ID."' ORDER BY date DESC"; 
mysql_select_db($database_conndb, $conndb); 
$result = mysql_query($sql, $conndb) or die(mysql_error()); 
$rows = mysql_fetch_assoc($result); 
$total_rows = mysql_num_rows($result); 
?> 
Welcome <?php echo $_SESSION['user_name'];?> 
<form method="post" enctype="multipart/form-data"> 
<table width="350" border="0" cellpadding="1" cellspacing="1" class="box"> 
<tr> 
<td width="246"> 
<input type="hidden" name="MAX_FILE_SIZE" value="2000000"> 
<input name="userfile" type="file" id="userfile"> 
</td> 
<td width="80"><input name="upload" type="submit" class="box" id="upload" value=" Upload "></td> 
</tr> 
</table> 
</form> 

<?php if($total_rows > 0) { ?> 
      <table border="0" cellpadding="0" cellspacing="0" id="tbl_repeat"> 
     <tr> 
      <th scope="col">FIle/Image Name</th> 
      <th scope="col" style="width:15%">Date</th> 
      <th scope="col" style="width:10%">Size</th> 
      <th scope="col" style="width:10%">Download</th> 
     </tr> 
     <?php do { ?> 
     <tr> 
      <td><?php echo $rows['name']; ?></td> 
      <td><?php echo $rows['date']; ?></td> 
      <td><?php echo $rows['size']; ?></td> 
      <td><a href="downloads.php?id=<?php echo $rows['id']; ?>">Download</a></td> 
     </tr> 
     <?php } while($rows = mysql_fetch_assoc($result)); ?> 
     </table> 
     <?php } else { echo "<p class="warn">Sorry there are no records available.</p>"; } ?> 
<p><br /> 
    <a href="logout.php">Logout </a></p> 
</body> 
</html>

这也为我的数据库的代码:

CREATE TABLE IF NOT EXISTS `upload2` (
`id` int(11) NOT NULL AUTO_INCREMENT, 
`client` int(11) NOT NULL, 
`name` varchar(30) NOT NULL, 
`type` varchar(30) NOT NULL, 
`size` int(11) NOT NULL, 
`path` varchar(60) NOT NULL, 
`date` datetime NOT NULL, 
PRIMARY KEY (`id`) 
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=10 ; 

-- 
-- Dumping data for table `upload2` 
-- 

INSERT INTO `upload2` (`id`, `client`, `name`, `type`, `size`, `path`, `date`) VALUES 
(1, 1, 'back.gif', 'image/gif', 1997, 'uploads/back.gif', '2010-09-19 12:17:05');

当我点击upload.php的下载链接我得到以下错误 警告:mysql_fetch_array ():提供的参数不是在第17行的downloads.php中有效的MySQL结果资源 该文件不存在

我不确定代码是否可以下载文件/图像,如果这个错误不是他们的,我不知道如何解决这个问题。

来源

2010-09-19 Unix Man

+4

我希望你意识到你必须在这之后改变你的数据库密码。 – 2010-09-19 13:25:54

+0

你已经将你的主表单而不是download.php代码加倍发布。 – 2010-09-19 16:08:33

回答

0

您不要连接到数据库的第一个查询(得到$client_ID

$hostname_conndb = "localhost"; 
$database_conndb = "uploads"; 
$username_conndb = "root"; 
$password_conndb = "qaasim11"; 
$conndb = mysql_connect($hostname_conndb, $username_conndb, $password_conndb) or trigger_error(mysql_error(),E_USER_ERROR); 

$client_ID = mysql_query("SELECT id 
    FROM clients WHERE user_name='".$_SESSION['user_name']."'")or die(mysql_error()); 
$client_ID = mysql_fetch_array($client_ID); 
$client_ID = $client_ID['id'];

来源

2010-09-19 14:39:57 jcubic

0

有些事情要考虑:

  1. 如果POST字段设置检查是不正确的方法检查POST是否实际执行 - 完全有可能您可能会在某个时间点重命名该字段,并忘记更改if(),或者该字段由于某种原因未提交。一个万无一失的检查是if ($_SERVER['REQUEST_METHOD'] == 'POST') { ... }。无论提交什么字段(如果有),脚本在响应POST请求时都会执行。
  2. 您一味地认为上传成功,没有检查上传可能失败(连接死亡,文件太大,磁盘空间不足等等)的许多原因。 $ _FILES数组中的['error']参数是有原因的。 if ($_FILES['somefile']['error'] === UPLOAD_ERR_OK) { ... upload was successful ... }
  3. 您不清理['name']参数,并将其盲目地用作move_uploaded_file()中路径的一部分。该名称完全在用户的控制之下,因此恶意用户可以轻松地为其文件命名../../../../../../windows/system32/kernel32.dll,并且您的脚本将高兴地尝试杀死您的机器
  4. 您不检查文件冲突,从第3点开始)。你盲目地覆盖任何相同名字的文件。
  5. 如果没有任何种类的上传完成检查,您将尝试将数据保存到数据库中。您在$ filePath和$ fileName上使用addslashes(),但$fileType的用法不同 - 这是由客户端提供的MIME类型 - 因此,它完全受用户控制,因此恶意的用户可以轻松地执行SQL注入攻击。
  6. 您以root用户身份连接到数据库。这是非常糟糕的做法。创建一个专用账户并授予它只有“插入”权限。一个简单的Web应用程序几乎不需要创建/删除/更改权限,但这是通过使用root帐户向全世界公开的内容。结合SQL注入漏洞,你已经将数据库(最有可能是服务器的其余部分)交给了银盘上的攻击者。

来源

2010-09-19 16:21:21

相关问题
每日一句
每一个你不满意的现在,都有一个你没有努力的曾经。
最新问题

 相关问题