【发布时间】:2012-03-16 12:43:37
【问题描述】:
我正在创建允许用户在单击此按钮时下载文件的 PHP 页面:
<td><a href='download.php?id={$row['file_name']}'>Download</a></td>
然后页面重定向到download.php,代码:
<?php
// Make sure an ID was passed
if(isset($_GET['file_name'])) {
// Get the ID$id
$file_name= ($_GET['file_name']);
// Make sure the ID is in fact a valid ID
if($file_name == NULL) {
die('The name is invalid!');
}
else {
// Connect to the database
$dbLink = new mysqli('localhost', 'root', "", 'db_name');
if(mysqli_connect_errno()) {
die("MySQL connection failed: ".mysqli_connect_error());
}
// Fetch the file information
$query = "
SELECT `type`, `file_name`, `size`, `data`
FROM `pdfs`
WHERE `file_name` = {$file_name}";
$result = $dbLink->query($query);
if($result) {
// Make sure the result is valid
if($result->num_rows == 1) {
// Get the row
$row = mysqli_fetch_assoc($result);
header("Content-Type: ".$row['type']);
header("Content-Length: ".$row['size']);
header("Content-Disposition: attachment");
// disopsition = attachment to force download request
// Print data
echo $row['data'];
}
else {
echo 'Error! No file exists with that ID.';
}
// Free the mysqli resources
@mysqli_free_result($result);
}
else {
// if there is an error excuting the query
echo "Error! Query failed: <pre>{$dbLink->error}</pre>";
}
// close database connection
@mysqli_close($dbLink);
}
}
else {
// if no ID passed
echo 'Error! No ID was passed.';
}
?>
然而,当我点击下载时,我总是得到最后一个 else 语句“错误没有 id 被传递”的消息,但我找不到问题,是我制作文件主键的问题是名字??
【问题讨论】:
-
这里是 SQL 注入漏洞。当没有提供文件名时,似乎会触发“未传递 ID”消息 - 但代码的结构方式很难阅读。这可以解释为什么您的链接会导致错误
标签: php mysql pdf web-applications download