Php 错误查询失败,请检查手动第3行
我的upload.php和view.php工作正常,但我无法创建下载链接来下载文件。db name=dbtuts 下载选项的链接是:Php 错误查询失败,请检查手动第3行,php,sql,download,upload,Php,Sql,Download,Upload,我的upload.php和view.php工作正常,但我无法创建下载链接来下载文件。db name=dbtuts 下载选项的链接是: <td><a href='download.php?id=<?php echo $row['file_name']; ?>'>Download</a></td> 下面是download.php的代码 <?php // Make sure an ID was passed if(is
<td><a href='download.php?id=<?php echo $row['file_name']; ?>'>Download</a></td>
下面是download.php的代码
<?php
// Make sure an ID was passed
if(isset($_GET['id'])) {
// Get the ID$id
$file_name= ($_GET['id']);
// Make sure the ID is in fact a valid ID
if($file_name == NULL) {
die('The name is invalid!');
}
else {`enter code here`
// Connect to the database
$dbLink = new mysqli('localhost', 'root', "", 'dbtuts');
if(mysqli_connect_errno()) {
die("MySQL connection failed: ".mysqli_connect_error());
}
// Fetch the file information
$query = "
SELECT file, type, size
FROM tbl_uploads
WHERE `file` = {$file_name}";
$result = $dbLink->query($query);
if($result) {
// Make sure the result is valid
if($result->num_rows == 1) {
// Get the row
$row = mysqli_fetch_assoc($result);
header("Content-Type: ".$row['type']);
header("Content-Length: ".$row['size']);
header("Content-Disposition: attachment");
// disopsition = attachment to force download request
// Print data
echo $row['data'];
}
else {
echo 'Error! No file exists with that ID.';
}
// Free the mysqli resources
@mysqli_free_result($result);
}
else {
// if there is an error excuting the query
echo "Error! Query failed: <pre>{$dbLink->error}</pre>";
}
// close database connection
@mysqli_close($dbLink);
}
}
else {
// if no ID passed
echo 'Error! No ID was passed.';
}
?>
其中`file`={$file\u name}
我假设$file\u name
是一个字符串?如果是这样,则需要将其包含在“
标记中。。。为什么不使用绑定参数呢?文件名是一个字符串,必须用单引号括起来。了解防止SQL注入的准备语句您的代码使用@
来抑制警告/错误。这是个坏习惯。删除这些错误并处理所有可以处理的错误,并让其他错误由错误处理程序处理。抑制它们会使调试更加困难。请阅读-总结是,这不是一个理想的方式来解决志愿者,可能会适得其反获得答案。请不要将此添加到您的问题中。