时间戳

首页 > 解决方案 > 下载功能改为下载 .php 文件

php - 下载功能改为下载 .php 文件

问题描述

最近我开始了 PHP 编程,我目前正在开发一个用户可以数字方式购买游戏的项目。所以这是我目前面临的问题,我为用户创建了一个库部分,他们可以在其中查看他们购买的游戏并通过单击按钮下载它们,但是每当我单击下载按钮时,它会自动下载名为下载的文件.php 脚本文件,里面是一堆错误消息,而不是我想要的文件。以下是我的项目代码。

下载.php(下载脚本)

<?php
require_once("conn.php");

if(isset($_GET['id'])){
  $id = $_GET['id'];
  $sql="SELECT * FROM games WHERE game_downloadpath=$id";
  $result = mysqli_query($con,$sql);
  $file = mysqli_fetch_assoc($result);
  $filepath = 'gamefiles/' . $file['name'];

  if(file_exists($filepath)){
    header('Content-Type: application/octet-stream');
    header('Content-Description: File Transfer');
    header('Content-Desposition: attachment; filename=' . basename($filepath));
    header('Expires: 0');
    header('Cache-Control: must-revalidate');
    header('Pragma:public');
    header('Content-Length:' . filesize('gamefiles/' .$file['name']));
    readfile('gamefiles/' . $file['name']);
  }
}
?>
<script type="text/javascript">
  window.location.replace("library.php");
</script>

Library.php(只显示重要代码)

<div class="block"></div>
  <section class="library-section">
    <div class="sidebar-div">
      <input type="text" placeholder="Search"> <button type="button" name="button">
        <i class="fas fa-search"></i>
      </button>
    </div>
    <div class="game-div">
      <h1>all games</h1>
      
            <?php
      include("conn.php");
      $CID = $_SESSION['id'];
      $search = isset($_POST['searchbox']) ? $_POST['searchbox'] : '' ;
      
      //for search function
      if ($search == NULL)
      {
        $result = mysqli_query($con,"Select * from games inner join purchase on purchase.purchase_game = games.game_ID inner join users on users.user_id = purchase.purchase_customer where games.game_status = 1 AND purchase.purchase_customer='$CID'");

        while($row = mysqli_fetch_array($result))
        { ?>
       <div class="games">
       <img src="<?php echo $row['game_photopath'] ?>">
       <div class="info-div">
      <h2><?php echo $row['game_name'] ?> </h2>
      <h4></h4>
      <a href="download.php?id=<?php echo $row['game_downloadpath']?>"><button type="submit" name="">
        <i class="fas fa-download"></i>
      </button></a>
    </div>
  </div>
  <?php }               
          } ?>    
  <div class="block">
  </div>
  </div>
</div>                             
  <!--  <div class="individual-game-div">
  </div>-->
  </section>
 <!-- </form> -->
<!-- /Main Content -->

这是我之前提到的文件中的代码。

<br />
<b>Warning</b>:  mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, bool given in <b>C:\xampp\htdocs\SDP-Nexus-master\Foong's part\download.php</b> on line <b>28</b><br />
<br />
<b>Notice</b>:  Trying to access array offset on value of type null in <b>C:\xampp\htdocs\SDP-Nexus-master\Foong's part\download.php</b> on line <b>29</b><br />
<br />
<b>Notice</b>:  Trying to access array offset on value of type null in <b>C:\xampp\htdocs\SDP-Nexus-master\Foong's part\download.php</b> on line <b>39</b><br />
<br />
<b>Notice</b>:  Trying to access array offset on value of type null in <b>C:\xampp\htdocs\SDP-Nexus-master\Foong's part\download.php</b> on line <b>40</b><br />
<br />
<b>Warning</b>:  readfile(gamefiles/): failed to open stream: No such file or directory in <b>C:\xampp\htdocs\SDP-Nexus-master\Foong's part\download.php</b> on line <b>40</b><br />

<script type="text/javascript">
  window.location.replace("library.php");
</script>

这是我的数据库结构

标签: phpmysqli

解决方案

您获取文件名的 sql 语句是

 $sql="SELECT * FROM games WHERE game_downloadpath=$id";

但是,如果 $id 确实存在于数据库中或者结果是否返回有效数组,则没有检查。mysqli_fetch_assoc()即使结果返回mysqli_queryfalse也会立即调用

  $result = mysqli_query($con,$sql);
  $file = mysqli_fetch_assoc($result);

错误信息清楚地告诉你:

mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, bool given

$id假定数据库中不存在给定的值或导致无效的 SQL 语句。

因此,所有其他错误消息都是此未获取行为的后续结果,因为您以后的所有代码都尝试访问不存在的数组元素,因此无法提供有效的文件名,因此您的最终 readfile() 找不到任何现有的文件路径.

推荐阅读