php mysql下载链接

Question

在此页面上，用户从下拉列表中选择一些选项并接收可供下载的文件列表。下载每条记录旁边的超链接。目前，下载超链接下载一个文件，其中包含数据库中存在的正确的FILE NAME，但文件CONTENTS不正确。更具体地讲，它好像没有被正确发送头：该文件的内容是从newpub_profile.php

的HTML标记这是最当前的代码：

newpub_profile.php

 $q = "SELECT upload_id, title, genre, length, created 
     FROM upload 
     WHERE genre = '$genre' AND length = '$length' 
     ORDER BY created DESC, title DESC"; 


    $r = mysqli_query ($dbc, $q); // Run the query 

    if($r) 
    { 
     // If it ran okay, display the records 
     echo '<table align="center" 
      cellspacing="3" cellpadding="3" 
      width="75%"> 
      <tr><td align="left"><b>Title</b></td> 
      <td align="left"><b>Genre</b></td> 
      <td align="left"><b>Pages</b></td> 
      <td align="left"><b>Submitted</b></td> 
      <td align="left"><b>Download</b></td>'; 

     // Fetch and print all the records: 

     while ($row = mysqli_fetch_array($r,MYSQLI_ASSOC)) 
     { 
      echo '<tr><td align="left">' . 
      $row['title'] . '</td><td align="left">' 
      . $row['genre'] . '</td><td align="left">' 
      . $row['length'] . '</td><td align="left">' 
      . $row['created'] . '</td><td align="left">' 
      //. $row['views'] . '</td><td align="left">' 
      . "<a href='newpub_profile.php?id={$row['upload_id']}'>Download</a></td>" . '</td></tr>'; 
     } 
     echo '</table>'; // Close the table 

     mysqli_free_result ($r); // Free up the resources 
    } 
    else // If it did not run okay 
    { 
     // Public Message: 

     echo '<p class="error">Your submissions could not be retrieved. We 
      apologize for any inconvenience.</p>'; 

     // Debugging message: 

     echo '<p>' . mysqli_error($dbc) . '<br /><br />Query: ' . $q . '</p>'; 

    } // End of if ($r) IF. 



} 

//END DOWNLOAD HANDLER ****************************************************** 


    mysqli_close($dbc); // Close the database connection 

?> 
        <?php 

        // Make sure an ID was passed DOWNLOAD HANDLER ******* 
if(isset($_GET['id'])) { 
// Get the ID 
    $id = intval($_GET['id']); var_dump($id); 


    require_once ('../mysqli_connect.php'); //Connect to the db 



     // Fetch the file information 
     $downloadq = " 
      SELECT `file_type`, `size`, `title`, 'content', 'upload_id' 
      FROM `upload` 
      WHERE `upload_id` =".$id; 
     $result = mysqli_query ($dbc, $downloadq); // Run the query 


     if($result) { 
      // Make sure the result is valid 
      if (mysqli_num_rows($result) > 0) { 
      // Get the row 
       $row = mysqli_fetch_assoc($result); 
       //var_dump($row); 

       // Print headers 
       header("Content-Type: ". $row['type']); 
       header("Content-Length: ". $row['size']); 
       header("Content-Disposition: attachment; filename=". $row['title']); 


       // Print data 
       echo stripslashes($row['content']); 
      } 
      else { 
       echo 'Error! No such ID.'; 
      } 

      // Free the mysqli resources 
      mysqli_free_result($result); 
     } 
     else { 
      echo "Error! Query failed: <pre>{$dbc->error}</pre>"; 
     } 
     mysqli_close($dbc); 
    } 

        ?> 

newupload_sql.php

 if(isset($_POST['upload']) && $_FILES['userfile']['size'] > 0) //check membership level here******************************************* 
{ 
    //------------------------------------------------------------------------------------------------ 
    //$membercheck = "SELECT membership, uploaded 
        // FROM user 
        // WHERE user_id =". $_SESSION['user_id']; //gets membership level and upload count 

    //----------------------------------------------------------------------------------------------- 

    if($_FILES['userfile']['size'] > 2621440) 
     die("File larger than 2.5MB"); 

     $mimeTypes = array('application/vnd.openxmlformats-officedocument.wordprocessingml.document', 
'application/msword'); 

    if (in_array($_FILES['userfile']['type'], $mimeTypes)) 
     { 
$fileName = $_FILES['userfile']['name']; 
$tmpName = $_FILES['userfile']['tmp_name']; 
$fileSize = $_FILES['userfile']['size']; 
$fileType = $_FILES['userfile']['type']; 
$oid = $_SESSION['user_id']; 
$views = 0; 


$fp  = fopen($fileName, 'r'); 
$content = fread($fp, filesize($fileName)); 
$content = addslashes($content); 
fclose($fp); 

//if(!get_magic_quotes_gpc()) 
//{ 
    // $fileName = addslashes($fileName); 
//} 

$query = "INSERT INTO upload (title, file_type, size, content, length, genre, created, views, description, owner_id) ". 
"VALUES ('$fileName', '$fileType','$fileSize', '$content', '$length', '$genre', NOW(), '$views', '$description', '$oid')"; 
$r = @mysqli_query ($dbc, $query); //Run the query. or die('Error, query failed'); 

if($r) 
{ 

     require_once ('login_functions.php'); 
     $url = absolute_url ('newupload_thanks.php'); 
     header("Location: $url"); 
     exit(); 
} 

      else //if it didnt run ok... 
      { 
       //Public message: 
       echo '<h1>System Error</h1> 
       <p class="error">You could not upload due to a system 
       error. We apologize.</p>'; 

       //debugging message: 

       echo'<p>' . mysqli_error($dbc) . '<br /><br />Query: ' . $r . 
       '</p>'; 

      } // End of ($r) IF. // File's OK 
    } 

} 
    else 
    { 
     die("Wrong tile type: Use .doc, .docx or ONLY"); 

    } 



}mysqli_close($dbc); //Close the database connection. 
?> 

Answer 1

你确定它正在下载页面本身？从它的外观来看，你的问题是你没有正确地构建标题。你的SQL查询的var_dump表明您取一个title，但你使用name为下载提供的（实际上使代码的文件名送头空文件名。

我建议您验证您的代码使用的实际列名即：

header("Content-Disposition: attachment; filename=". $row['title']); 

Answer 2

没有行[ '名称']你的意思是行[ '标题']

Answer 3

你有这些

$fileName = $_FILES['userfile']['name']; 
$tmpName = $_FILES['userfile']['tmp_name']; 

可以重命名/移动$ tmpName至$文件名

EDITED

入住这 move_uploaded_file()

或改变$文件名以$ tmpName在以下块

$fp  = fopen($fileName, 'r'); 
$content = fread($fp, filesize($fileName)); 
$content = addslashes($content); 
fclose($fp);