...

View Full Version : Hai i want a small help regarding this



anjali_nalumasu
11-20-2007, 06:07 AM
Hai all,
I wrote an php script to download a file.But i am getting an error unable to open a file.I hosted the file in the server at a specific folder.At the time of downloading it is downloading a file but the data in that file is not displaying.
please can anyone help on this.

Jacobb123
11-20-2007, 07:23 AM
please post the exact error message and the script that you are using to do this

anjali_nalumasu
11-20-2007, 08:33 AM
i am sending the code
please check it
<?php

$file_name = $_POST['file'];
$file_path = "/home/spherete/public_html/";
header("Content-Type: application/unknown");
header("Content-Disposition: filename=$file_name");

if($fp = fopen($file_path.$file_name, "r"))
{
while(!feof($fp)) {
echo fgets($fp, 4096);
}
fclose($fp);

}
?>

After executing this code i am getting the file to save but in the file there is no content and giving the error as below:

Warning: fopen(/home/spherete/public_html/index.php ) [function.fopen]: failed to open stream: No such file or directory in /home/spherete/public_html/download.php on line 12

aedrin
11-20-2007, 04:33 PM
$file_name = $_POST['file'];
$file_path = "/home/spherete/public_html/";
header("Content-Type: application/unknown");
header("Content-Disposition: filename=$file_name");

if($fp = fopen($file_path.$file_name, "r"))



That is a security hole. Don't just plainly take a filename parameter through POST/GET without doing any kind of cleaning.

Also, do not use an absolute file path such as /home/spherete/public_html. Try to use a relative path whenever possible (which is almost always).

anjali_nalumasu
11-22-2007, 08:00 AM
Thanku for ur advice.
we already changed that path. Coming to get and post methods with out that how can we get the file name.To get file name we have to use any one thing.Did you see the error what i am getting.
Can you tell me how to solve that error.
please help me i am new to php and i am not getting how to do this.

Thanking you,



That is a security hole. Don't just plainly take a filename parameter through POST/GET without doing any kind of cleaning.

Also, do not use an absolute file path such as /home/spherete/public_html. Try to use a relative path whenever possible (which is almost always).



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum