-1

I have a link. When users click on that link it will update the count on database and the application will gets installed. 

<a style="text-decoration: none" mimeType="application/vnd.android.package-archive"  href="http://way2enjoy.com/touch/w2et/appdownload.php?file=http://way2enjoy.com/android/Way2Enjoy.apk?32" target="_new">Download Android <img src="http://www.way2enjoy.com/touch/w2et/android32.png" />app</a>

I have tried this file by directly pointing to android file and it got install without any issue but when i am going through this link it seems to be working and in pc and android file is getting downloaded but when i try to install file in android i get parsing error.

Here is my appdownload.php code

$c=explode("?",$_SERVER[ 'REQUEST_URI' ]);  $city=end($c); 

$c=explode("?file=",$_SERVER[ 'REQUEST_URI' ]);  $city1=end($c); 

$content = file_get_contents($city1);

header("Content-Type: application/vnd.android.package-archive"); 
header("Content-Disposition: attachment; filename=Way2Enjoy.apk");
mysql_query("update table SET count=count+1 where id='$city'");
echo $content;

mysql count increases without any isssue and file is also getting downloaded but that file is not getting installed in android.

Any idea?

Touki
  • 7,465
  • 3
  • 41
  • 63
chetna123
  • 47
  • 4
  • you can't install an apk without user's interaction , you should better user a google play link and on the click of that you can easily redirect him to your google play app link. – Prateek Oct 14 '13 at 09:17
  • @prateek i dont have any problem with user interaction it is getting installed when i click directly on link after that it will download and install but i want to count the no of times it is gettin g downloaded so i am using this link here also its gettign downloaded but not getting installed – chetna123 Oct 14 '13 at 09:19
  • Bear in mind that your SQL is vulnerable to an [injection](http://en.wikipedia.org/wiki/SQL_injection) attack. If someone prepares a URI that puts something nasty into `$city`, they will be able to damage your database/read all your records/whatever. Additionally, you should probably [move away from the PHP mysql extension](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) in general. – Matt Gibson Oct 14 '13 at 09:35
  • @MattGibson i know.but in this case its only update no insert.if it will match then only update will be there – chetna123 Oct 14 '13 at 09:47
  • @chetna It doesn't matter. Anyone could do anything with your database, as it stands. For example, if $city ends up as something like `';DELETE FROM table;--` then all your records could be deleted. Really. Take some time to understand SQL injection attacks, and learn to use prepared statements with parameters using something more modern than mysql, like PDO. – Matt Gibson Oct 14 '13 at 10:09
  • @MattGibson thanks friend i will use pdo noonwards for all query – chetna123 Oct 14 '13 at 10:37

2 Answers2

1

You should use error Handling in your MySQL statements since you just echo the file content and if some other statements echo an error in your OutputStream you destroy the APK.

The Better way would be to redirect to the file like this: header('Location: http://way2enjoy.com/android/Way2Enjoy.apk');. Actually I have never tried this with Android apks but it should work.

chuck258
  • 912
  • 7
  • 16
0

I think that it is because that php code just starts the download and increments the counter. You can't be sure if the user installed the app finally.

I don't know if you are the owner of the Android app. In that case maybe you could increment the counter from the Android app so that you will ensure that the app has been installed properly.

Hope it helps!

jsanchez
  • 64
  • 5
  • it is getting installed when i click directly on link after that it will download and install but i want to count the no of times it is gettin g downloaded so i am using this link here also its gettign downloaded but not getting installed – chetna123 Oct 14 '13 at 09:21