...

Download link not working



PRodgers4284
02-18-2008, 05:51 PM
I am having trouble with a download link. It doesn't seem to be working: I can see the file at the bottom left of the screen once I click it, but it doesn't seem to download the file. I have the file uploading to a file on the server and the file goes into the database fine, but it doesn't seem to open the document when I click on the link. Can anyone help, please?

My code for the upload file is


<?php
$uploadDir = 'C:/wamp/www/upload/';

if (isset($_POST['submit']) && $error_stat == 0) {

    $fileName = $_FILES['userfile']['name'];
    $tmpName = $_FILES['userfile']['tmp_name'];
    $fileSize = $_FILES['userfile']['size'];
    $fileType = $_FILES['userfile']['type'];

    // the files will be saved in filePath
    $filePath = $uploadDir . $fileName;

    // move the files to the specified directory
    // if the upload directory is not writable or
    // something else went wrong $result will be false
    $result = move_uploaded_file($tmpName, $filePath);
    if (!$result) {
        echo "Error uploading file";
        exit;
    }

    include("database.php");

    if (!get_magic_quotes_gpc()) {
        $fileName = addslashes($fileName);
        $filePath = addslashes($filePath);
    }

    // the $_POST values and $fileType are concatenated into the query as received
    mysql_query("UPDATE users SET username='" . $_POST["username"] . "',jobcatergory='" . $_POST["jobcatergory"] . "',recentjob='" . $_POST["recentjob"] . "',employmenttype='" . $_POST["employmenttype"] . "',careerlevel='" . $_POST["careerlevel"] . "',educationallevel='" . $_POST["educationallevel"] . "',skills='" . $_POST["skills"] . "', name='$fileName', type='$fileType', size='$fileSize', path='$filePath' WHERE username='" . $_SESSION["username"] . "'");
}
?>


And the download link to the file is:


<?php echo '<a href="'.$account['path'].'">Download File</a>'; ?>

Ultragames
02-19-2008, 02:47 AM
I don't have an answer to your question, but I can't pass by this thread without pointing a few things out:

Do not use magic quotes! It's good that you're checking for it, but I strongly suggest having it turned off. It has even been removed from PHP 6 because of issues related to it.

Escape any data that goes into a database! SQL injection can cripple a site, or worse yet, let a hacker sneak in quietly. Along with normal data verification, you should always use mysql_real_escape_string() (http://us3.php.net/mysql_real_escape_string) on any variables going into a query. INSERT, UPDATE, REPLACE, DELETE, and SELECT. Always assume that no query is safe.
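
The advice above, applied to the UPDATE from the first post, as an added example that is not part of the thread: it uses PDO bound parameters in place of mysql_real_escape_string() (the mysql_* functions were removed in PHP 7) and covers the profile and file columns only. The in-memory SQLite table, the updateProfile() helper and all sample values are constructed for illustration.

```php
<?php
// Added example: the thread's UPDATE rewritten with bound parameters (PDO).
// The in-memory SQLite table and every value below are constructed.

const PROFILE_FIELDS = ['jobcatergory', 'recentjob', 'employmenttype',
                        'careerlevel', 'educationallevel', 'skills'];

function updateProfile(PDO $db, string $sessionUser, array $post, array $file): int
{
    // Column names come from the fixed list above, never from the request.
    $columns = array_merge(PROFILE_FIELDS, ['name', 'type', 'size']);
    $set = implode(', ', array_map(fn($c) => "$c = :$c", $columns));
    $stmt = $db->prepare("UPDATE users SET $set WHERE username = :username");

    foreach (PROFILE_FIELDS as $field) {
        $stmt->bindValue(":$field", (string) ($post[$field] ?? ''));
    }
    $stmt->bindValue(':name', (string) $file['name']);
    $stmt->bindValue(':type', (string) $file['type']);
    $stmt->bindValue(':size', (int) $file['size'], PDO::PARAM_INT);
    $stmt->bindValue(':username', $sessionUser);
    $stmt->execute();
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, jobcatergory TEXT,
    recentjob TEXT, employmenttype TEXT, careerlevel TEXT,
    educationallevel TEXT, skills TEXT, name TEXT, type TEXT, size INTEGER)');
$db->exec("INSERT INTO users (username, careerlevel) VALUES ('alice', 'junior')");

// Constructed form input: in a concatenated query the quote in 'skills' would
// end the string literal and the rest would be parsed as SQL.
$post = ['careerlevel' => 'junior', 'skills' => "PHP', careerlevel='director"];
$file = ['name' => 'cv.doc', 'type' => 'application/msword', 'size' => 20480];

$rows = updateProfile($db, 'alice', $post, $file);
$row = $db->query("SELECT careerlevel, skills FROM users WHERE username = 'alice'")
          ->fetch(PDO::FETCH_ASSOC);
printf("%d row updated; careerlevel=%s; skills=%s\n", $rows, $row['careerlevel'], $row['skills']);
```

With bound parameters the whole skills value is stored as data, so the careerlevel column keeps the value that was submitted for it.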

PRodgers4284
02-19-2008, 02:45 PM
I don't have an answer to your question, but I can't pass by this thread without pointing a few things out:

Do not use magic quotes! It's good that you're checking for it, but I strongly suggest having it turned off. It has even been removed from PHP 6 because of issues related to it.

Escape any data that goes into a database! SQL injection can cripple a site, or worse yet, let a hacker sneak in quietly. Along with normal data verification, you should always use mysql_real_escape_string() (http://us3.php.net/mysql_real_escape_string) on any variables going into a query. INSERT, UPDATE, REPLACE, DELETE, and SELECT. Always assume that no query is safe.

Thanks for the reply, appreciate your advice. You have mentioned the magic quotes and I was wondering how to turn these off?


