我在 3_day_notice_fad_pdf 文件夹中有一些pdf文件。现在我必须根据查询条件以zip格式下载pdf文件。
<?php
include("connection.php");
extract($_REQUEST);
$query=mysql_query("select fad_html_name from fad_record where t_id='$word'") or die(mysql_error());
while($result=mysql_fetch_array($query,MYSQL_ASSOC))
{
extract($result);
$movies_id[] = "3_day_notice_fad_pdf/$fad_html_name";
}
$movies_id = array();
//print_r($movies_id);
$zipname = 'file.zip';
$zip = new ZipArchive;
$zip->open($zipname, ZipArchive::CREATE);
foreach ($movies_id as $file) {
$zip->addFile($file);
}
$zip->close();
header('Content-Type: application/zip');
header('Content-disposition: attachment; filename='.$zipname);
header('Content-Length: ' . filesize($zipname));
readfile($zipname);
?>
Zip文件工作正常,但它正在下载 3_day_notice_fad_pdf 文件夹中的所有文件。在查询条件,t_id ='$ word'时,它无法验证。
答案 0 :(得分:1)
你在这里做了几件坏事。
不要将查询字符串直接传递给SQL。它将导致SQL注入,您的应用程序将受到损害。见这里:https://stackoverflow.com/a/60496/2520628
您正在循环
更正后的代码:
<?php
include("connection.php");
$word = $_REQUEST['word'];
$query=mysql_query("select fad_html_name from fad_record where t_id='$word'") or die(mysql_error());
while($result=mysql_fetch_array($query,MYSQL_ASSOC))
{
$movies_id[] = "3_day_notice_fad_pdf/" . $result['fad_html_name'];
}
$zipname = 'file.zip';
$zip = new ZipArchive;
$zip->open($zipname, ZipArchive::CREATE);
foreach ($movies_id as $file) {
$zip->addFile($file);
}
$zip->close();
header('Content-Type: application/zip');
header('Content-disposition: attachment; filename='.$zipname);
header('Content-Length: ' . filesize($zipname));
readfile($zipname);
?>