我在这个脚本的下载代码上遇到了问题。我修改了该脚本并添加了其他功能,但只有下载部分不起作用。下面提供所有文件的完整代码。
upload.php:
<?php
// upload.php as posted: stores an uploaded file under uploads/ and records it in
// the `upload2` table for the logged-in client.
// NOTE(review): every mysql_* call below belongs to the ext/mysql API that was
// removed in PHP 7.0, so this listing only runs on PHP 5.x.
require_once 'dbc.php';
// page_protect() is not defined in this listing (presumably it comes from dbc.php
// and enforces the login -- confirm).
page_protect();
// Resolve the session user name to the numeric client id.
// NOTE(review): the session value is concatenated into the SQL text without
// escaping, and no link identifier is passed, so the query runs on whatever
// connection was opened last; none is opened in this listing before this point
// (presumably dbc.php does it -- confirm). On failure, die(mysql_error()) prints
// the raw database error to the browser.
$client_ID = mysql_query("SELECT id
FROM clients WHERE user_name='".$_SESSION['user_name']."'")or die(mysql_error());
// The same variable is reused: result resource -> row array -> id value.
$client_ID = mysql_fetch_array($client_ID);
$client_ID = $client_ID['id'];
$uploadDir = 'uploads/';
// Runs only when the submit field named "upload" is present in the POST body.
if(isset($_POST['upload']))
{
// 'name' and 'type' are whatever the HTTP client sent; $_FILES['userfile']['error']
// is never inspected, so a failed or partial upload is not told apart here.
$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];
// NOTE(review): the client-chosen name is appended to the directory as-is: no
// basename(), no extension allow-list, no collision check. A name containing ../
// can point outside uploads/, and move_uploaded_file() overwrites an existing
// destination file. If uploads/ is served by the web server, an uploaded script
// file could end up executable -- confirm how that directory is served.
$filePath = $uploadDir . $fileName;
$result = move_uploaded_file($tmpName, $filePath);
if (!$result) {
echo "Error uploading file";
exit;
}
// NOTE(review): connects as the MySQL root account with an empty password, both
// hard-coded in the page script.
$hostname_conndb = "localhost";
$database_conndb = "uploads";
$username_conndb = "root";
$password_conndb = "";
$conndb = mysql_connect($hostname_conndb, $username_conndb, $password_conndb) or trigger_error(mysql_error(),E_USER_ERROR);
// Escaping happens only when magic quotes are off, and only for the name and path.
// NOTE(review): $fileType (the client-supplied MIME string) reaches the INSERT below
// unescaped, so the statement is injectable through that value. addslashes() is also
// not aware of the connection charset; ext/mysql has mysql_real_escape_string(), and
// prepared statements in mysqli/PDO avoid string-built SQL altogether.
if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
$filePath = addslashes($filePath);
}
$date = date('Y-m-d H:i:s');
$sql = "INSERT INTO upload2 (name, client, size, type, path, date ) ".
"VALUES ('$fileName', '$client_ID', '$fileSize', '$fileType', '$filePath', '$date')";
mysql_select_db($database_conndb, $conndb);
$result = mysql_query($sql, $conndb) or die(mysql_error());
// NOTE(review): the (possibly slash-escaped) client file name is echoed into the
// HTML response without htmlspecialchars().
echo "<br>File $fileName uploaded<br>";
}
?>
<html>
<head>
<title>Download File From MySQL</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="styles.css" rel="stylesheet" type="text/css">
</head>
<body>
<?php
// Loads the current client's upload rows, newest first, for the table rendered in
// the markup after this PHP section.
// NOTE(review) on that markup, which is left untouched:
//  - $_SESSION['user_name'] and $rows['name'] are echoed without htmlspecialchars();
//    `name` is the client-supplied file name stored by the upload branch, so markup in
//    a file name would be rendered on every later view of this page.
//  - the MAX_FILE_SIZE hidden field is sent by the client and can be altered; it is
//    not a substitute for a server-side size check.
//  - the Download link passes only the row id; the handler that receives ?id= has to
//    re-check that the row's `client` matches the session client before serving it.
//  - the final echo contains unescaped double quotes inside a double-quoted string
//    (class="warn"); as shown it does not parse. Presumably backslashes were lost when
//    the listing was copied -- confirm.
// NOTE(review): connects as MySQL root with an empty, hard-coded password.
$hostname_conndb = "localhost";
$database_conndb = "uploads";
$username_conndb = "root";
$password_conndb = "";
$conndb = mysql_connect($hostname_conndb, $username_conndb, $password_conndb) or trigger_error(mysql_error(),E_USER_ERROR);
// $client_ID was read from the clients table at the top of the script.
$sql = "SELECT * FROM upload2 WHERE client='".$client_ID."' ORDER BY date DESC";
mysql_select_db($database_conndb, $conndb);
$result = mysql_query($sql, $conndb) or die(mysql_error());
// The first row is fetched here because the template below uses do { } while (),
// which prints $rows once before fetching the next row.
$rows = mysql_fetch_assoc($result);
$total_rows = mysql_num_rows($result);
?>
Welcome <?php echo $_SESSION['user_name'];?>
<form method="post" enctype="multipart/form-data">
<table width="350" border="0" cellpadding="1" cellspacing="1" class="box">
<tr>
<td width="246">
<input type="hidden" name="MAX_FILE_SIZE" value="2000000">
<input name="userfile" type="file" id="userfile">
</td>
<td width="80"><input name="upload" type="submit" class="box" id="upload" value=" Upload "></td>
</tr>
</table>
</form>
<?php if($total_rows > 0) { ?>
<table border="0" cellpadding="0" cellspacing="0" id="tbl_repeat">
<tr>
<th scope="col">FIle/Image Name</th>
<th scope="col" style="width:15%">Date</th>
<th scope="col" style="width:10%">Size</th>
<th scope="col" style="width:10%">Download</th>
</tr>
<?php do { ?>
<tr>
<td><?php echo $rows['name']; ?></td>
<td><?php echo $rows['date']; ?></td>
<td><?php echo $rows['size']; ?></td>
<td><a href="downloads.php?id=<?php echo $rows['id']; ?>">Download</a></td>
</tr>
<?php } while($rows = mysql_fetch_assoc($result)); ?>
</table>
<?php } else { echo "<p class="warn">Sorry there are no records available.</p>"; } ?>
<p><br />
<a href="logout.php">Logout </a></p>
</body>
</html>
这段代码工作正常。下载代码(downloads.php)如下:
<?php
// downloads.php as posted. NOTE(review): this listing matches the upload.php listing
// line for line except for the password literal in the upload branch. Nothing in it
// reads $_GET['id'] or sends file contents, so the download logic that the
// "downloads.php?id=..." links point at is not shown here.
// NOTE(review): the mysql_* functions used below were removed in PHP 7.0.
require_once 'dbc.php';
// page_protect() is not defined in this listing (presumably from dbc.php -- confirm).
page_protect();
// Resolve the session user name to the numeric client id.
// NOTE(review): the session value is concatenated into the SQL text unescaped, and
// the query is issued before any mysql_connect() call in this listing, so it depends
// on a connection opened elsewhere (presumably dbc.php -- confirm). die(mysql_error())
// prints the raw database error to the browser.
$client_ID = mysql_query("SELECT id
FROM clients WHERE user_name='".$_SESSION['user_name']."'")or die(mysql_error());
// The same variable is reused: result resource -> row array -> id value.
$client_ID = mysql_fetch_array($client_ID);
$client_ID = $client_ID['id'];
$uploadDir = 'uploads/';
// Runs only when the submit field named "upload" is present in the POST body.
if(isset($_POST['upload']))
{
// 'name' and 'type' are whatever the HTTP client sent; the 'error' entry of
// $_FILES['userfile'] is never inspected.
$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];
// NOTE(review): the client-chosen name is used as the destination path without
// basename() or any allow-list, so ../ sequences are not rejected, and
// move_uploaded_file() overwrites an existing file of the same name.
$filePath = $uploadDir . $fileName;
$result = move_uploaded_file($tmpName, $filePath);
if (!$result) {
echo "Error uploading file";
exit;
}
// NOTE(review): root account with a hard-coded, non-empty password that differs from
// the empty password used for the listing query later in this same file. A credential
// that has been published like this should be treated as exposed and changed.
$hostname_conndb = "localhost";
$database_conndb = "uploads";
$username_conndb = "root";
$password_conndb = "qaasim11";
$conndb = mysql_connect($hostname_conndb, $username_conndb, $password_conndb) or trigger_error(mysql_error(),E_USER_ERROR);
// Escaping happens only when magic quotes are off, and only for the name and path.
// NOTE(review): $fileType (client-supplied MIME string) reaches the INSERT unescaped,
// so the statement is injectable through that value; prepared statements in
// mysqli/PDO avoid string-built SQL altogether.
if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
$filePath = addslashes($filePath);
}
$date = date('Y-m-d H:i:s');
$sql = "INSERT INTO upload2 (name, client, size, type, path, date ) ".
"VALUES ('$fileName', '$client_ID', '$fileSize', '$fileType', '$filePath', '$date')";
mysql_select_db($database_conndb, $conndb);
$result = mysql_query($sql, $conndb) or die(mysql_error());
// NOTE(review): the client file name is echoed into HTML without htmlspecialchars().
echo "<br>File $fileName uploaded<br>";
}
?>
<html>
<head>
<title>Download File From MySQL</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="styles.css" rel="stylesheet" type="text/css">
</head>
<body>
<?php
// Loads the current client's upload rows, newest first, and renders the same upload
// form and file table as the upload.php listing.
// NOTE(review) on the markup after this PHP section, which is left untouched:
//  - $_SESSION['user_name'] and $rows['name'] are echoed without htmlspecialchars();
//    `name` holds the client-supplied file name.
//  - the MAX_FILE_SIZE hidden field is client-controlled.
//  - each Download link carries only the row id; whatever script serves ?id= must
//    confirm the row belongs to the session client before sending the file.
//  - the final echo has unescaped double quotes inside a double-quoted string and does
//    not parse as shown (presumably backslashes were lost in copying -- confirm).
// NOTE(review): this connection uses an empty root password, while the upload branch
// earlier in this file uses a non-empty one; only one of the two can match the server.
$hostname_conndb = "localhost";
$database_conndb = "uploads";
$username_conndb = "root";
$password_conndb = "";
$conndb = mysql_connect($hostname_conndb, $username_conndb, $password_conndb) or trigger_error(mysql_error(),E_USER_ERROR);
// $client_ID was read from the clients table at the top of the script.
$sql = "SELECT * FROM upload2 WHERE client='".$client_ID."' ORDER BY date DESC";
mysql_select_db($database_conndb, $conndb);
$result = mysql_query($sql, $conndb) or die(mysql_error());
// First row is fetched up front for the do { } while () loop in the template.
$rows = mysql_fetch_assoc($result);
$total_rows = mysql_num_rows($result);
?>
Welcome <?php echo $_SESSION['user_name'];?>
<form method="post" enctype="multipart/form-data">
<table width="350" border="0" cellpadding="1" cellspacing="1" class="box">
<tr>
<td width="246">
<input type="hidden" name="MAX_FILE_SIZE" value="2000000">
<input name="userfile" type="file" id="userfile">
</td>
<td width="80"><input name="upload" type="submit" class="box" id="upload" value=" Upload "></td>
</tr>
</table>
</form>
<?php if($total_rows > 0) { ?>
<table border="0" cellpadding="0" cellspacing="0" id="tbl_repeat">
<tr>
<th scope="col">FIle/Image Name</th>
<th scope="col" style="width:15%">Date</th>
<th scope="col" style="width:10%">Size</th>
<th scope="col" style="width:10%">Download</th>
</tr>
<?php do { ?>
<tr>
<td><?php echo $rows['name']; ?></td>
<td><?php echo $rows['date']; ?></td>
<td><?php echo $rows['size']; ?></td>
<td><a href="downloads.php?id=<?php echo $rows['id']; ?>">Download</a></td>
</tr>
<?php } while($rows = mysql_fetch_assoc($result)); ?>
</table>
<?php } else { echo "<p class="warn">Sorry there are no records available.</p>"; } ?>
<p><br />
<a href="logout.php">Logout </a></p>
</body>
</html>
这也是我数据库的代码:
-- Metadata table written by the INSERT in the PHP listings: one row per uploaded file.
CREATE TABLE IF NOT EXISTS `upload2` (
`id` int(11) NOT NULL AUTO_INCREMENT,
-- Owning client id; no foreign key to the clients table is declared here.
`client` int(11) NOT NULL,
-- File name as sent by the client (the PHP listing inserts it after addslashes()).
`name` varchar(30) NOT NULL,
-- MIME type as sent by the client; nothing in the PHP listing verifies it.
`type` varchar(30) NOT NULL,
`size` int(11) NOT NULL,
-- 'uploads/' + client file name. NOTE(review): a value longer than 60 characters is
-- truncated or rejected depending on the server's SQL mode, so the stored path can
-- differ from the path the file was actually written to.
`path` varchar(60) NOT NULL,
`date` datetime NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=10 ;
--
-- Dumping data for table `upload2`
--
INSERT INTO `upload2` (`id`, `client`, `name`, `type`, `size`, `path`, `date`) VALUES
(1, 1, 'back.gif', 'image/gif', 1997, 'uploads/back.gif', '2010-09-19 12:17:05');
当我点击 upload.php 中的下载链接时,我收到以下错误:
警告:mysql_fetch_array():提供的参数不是有效的 MySQL 结果资源(downloads.php 第 17 行)
文件不存在
我不确定如果没有这个错误,这段代码是否能够下载文件/图像,因为我不知道该如何解决这个问题。
答案 0 :(得分:0)
您没有为第一个查询(获取 `$client_ID` 的那个查询)建立数据库连接。请在执行该查询之前先建立连接:
// Answer's suggestion: open the connection first so the client-id query below has a
// link to run on.
// NOTE(review): still the MySQL root account with a hard-coded password; an
// application account limited to the needed tables would reduce the impact of any
// injection in these scripts.
$hostname_conndb = "localhost";
$database_conndb = "uploads";
$username_conndb = "root";
$password_conndb = "qaasim11";
$conndb = mysql_connect($hostname_conndb, $username_conndb, $password_conndb) or trigger_error(mysql_error(),E_USER_ERROR);
// NOTE(review): $database_conndb is assigned but no mysql_select_db() call appears in
// this snippet before the query -- presumably it is still needed unless dbc.php has
// already selected a database; confirm.
// NOTE(review): the session value is still concatenated into the SQL text unescaped.
$client_ID = mysql_query("SELECT id
FROM clients WHERE user_name='".$_SESSION['user_name']."'")or die(mysql_error());
// Result resource -> row array -> id value, reusing one variable.
$client_ID = mysql_fetch_array($client_ID);
$client_ID = $client_ID['id'];
答案 1 :(得分:0)
需要考虑的一些事项:
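- 通过检查某个表单字段是否存在来判断是否发生了上传并不可靠:判断条件可能与表单不一致(例如改了字段名却没改 `if()`),或者字段因某些原因未提交。一个万无一失的检查是 `if ($_SERVER['REQUEST_METHOD'] == 'POST') { ... }`。只要脚本是为响应 POST 请求而执行的,无论提交了哪些字段(如果有),该条件都成立。
- 您没有检查文件上传是否成功。`['error']` 参数的存在是有原因的:`if ($_FILES['somefile']['error'] === UPLOAD_ERR_OK) { ... upload was successful ... }`
- 您直接使用用户提供的 `['name']` 参数,并盲目地将其用作 `move_uploaded_file()` 中路径的一部分。该名称完全由用户控制,因此恶意用户可以轻松将其文件命名为 `../../../../../../windows/system32/kernel32.dll`,而您的脚本会照样尝试写入该位置,从而破坏您的计算机。保存之前至少应对该名称取 `basename()`;更稳妥的做法是由服务器自行生成存储文件名。
- 您对文件名和路径使用了 `addslashes()`,但没有对 `$fileType` 做同样的处理。它是客户端提供的 MIME 类型,所以同样完全由用户控制,恶意攻击者因此可以轻松执行 SQL 注入攻击。此外,`addslashes()` 本身并不是可靠的 SQL 转义手段,应改用参数化查询(mysqli 或 PDO 的预处理语句)。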