Download link not working

PRodgers4284 · 02-18-2008, 04:51 PM

I am having trouble with a download link, it doesnt same to be working but i can see the file the bottom left of the screen once i click it but it doesnt same to download the file. I have the file uploading to a file on the server and the file goes into the database fine but it doesnt same to open the document when i click on the link, can anyone help please

My code for the upload file is

PHP Code:


			
$uploadDir = 'C:/wamp/www/upload/';



if (isset($_POST['submit']) && $error_stat == 0) {



    $fileName = $_FILES['userfile']['name'];

    $tmpName  = $_FILES['userfile']['tmp_name'];

    $fileSize = $_FILES['userfile']['size'];

    $fileType = $_FILES['userfile']['type'];



    // the files will be saved in filePath 

    $filePath = $uploadDir . $fileName;



    // move the files to the specified directory

    // if the upload directory is not writable or

    // something else went wrong $result will be false

    $result    = move_uploaded_file($tmpName, $filePath);

    if (!$result) {

        echo "Error uploading file";

        exit;

    }



    include("database.php");



    if(!get_magic_quotes_gpc())

    {

        $fileName  = addslashes($fileName);

        $filePath  = addslashes($filePath);

    }  

    

    

 

     mysql_query("UPDATE users SET username='" . $_POST["username"] . "',jobcatergory='" . $_POST["jobcatergory"] . "',recentjob='" . $_POST["recentjob"] . "',employmenttype='" . $_POST["employmenttype"] . "',careerlevel='" . $_POST["careerlevel"] . "',educationallevel='" . $_POST["educationallevel"] . "',skills='" . $_POST["skills"] . "', name='$fileName', type='$fileType', size='$fileSize', path='$filePath' WHERE username='" . $_SESSION["username"] . "'");  

?>

And the download link to the file is:

PHP Code:


			
<?php echo '<a href="'.$account['path'].'">Download File</a>'; ?

Ultragames · 02-19-2008, 01:47 AM

I don't have an answer to your question, but I can't pass by this thread with out pointing a few things out:

Do not use magic quotes! It's good that your checking for it, but I strongly suggest having it turned off. It has even been removed from PHP 6 because of issues related to it.

Escape any data that goes into a database! SQL injection can cripple a site, or worse yet, let a hacker sneak in quietly. Along with normal data verification, you should always use mysql_real_escape_string() on any variables going into a query. INSERT, UPDATE, REPLACE, DELETE, and SELECT. Always assume that no query is safe.

PRodgers4284 · 02-19-2008, 01:45 PM

Quote:

Originally Posted by Ultragames

I don't have an answer to your question, but I can't pass by this thread with out pointing a few things out:

Do not use magic quotes! It's good that your checking for it, but I strongly suggest having it turned off. It has even been removed from PHP 6 because of issues related to it.

Escape any data that goes into a database! SQL injection can cripple a site, or worse yet, let a hacker sneak in quietly. Along with normal data verification, you should always use mysql_real_escape_string() on any variables going into a query. INSERT, UPDATE, REPLACE, DELETE, and SELECT. Always assume that no query is safe.

Thanks for the reply, appreciate your advise, you have mentioned the magic quotes and i was wondering how to turn these off?