1

I want to Make a file download section by file id with PHP.

My Concept Is:

  • I upload files via file manager/ftp client,

  • And i Decide a file id. Then In "Admin_Index.php" page I Register The File Id With The File Path that i have uploaded.

  • And User can download from "PAGE.html" file, where the download link available with id. And in the "download.php" i query and check that the file id exist or not. if exist then the path from the query will be store in php header and redirect..

But it is not working correctly.. Files code are given bellow..

Code of Admin_index.php

<strong>Welcome to Admin Panel For File Registration Into DB</strong><br>
<form action="dbreg.php" method="post">
File Id : <input type="text" name="fid" value="" /><br />
Path : <input type="url" name="fpath" value="" maxlength="250"/><br />
<input type="submit" value="Add to DB" />
</form>

<?php 
        $iden=$_GET['idn'];
        if ($iden==null and $iden=="")
        {
        echo 'Register DB Here';
        }
        if ($iden==2)
        {
        echo 'File ID With path Successfully Added';
        }
        if ($iden==1)
        {
        echo 'File Id Already Exist , Please try with a new one';
        }

        ?>

Code of connection.php

<?php
$mysql_hostname = "localhost";
$mysql_user = "user";
$mysql_password = "******";
$mysql_database = "database";

$bd = mysql_connect($mysql_hostname, $mysql_user, $mysql_password) or die("Could not connect database");
mysql_select_db($mysql_database, $bd) or die("Could not select database");
?>

Code of "dbreg.php"

<?php
session_start();
include('connection.php');
$id=$_POST['fid'];
$path=$_POST['fpath'];

$qry="select id from files where id= $id";
$result=mysql_query($qry);

if($result) {
    if($result->num_rows == 0)
    {  $idn=2; // means the id does not exist 
        mysqli_query("INSERT INTO files(id, path) VALUES ('$id', '$path')");
        header('location: index.php?idn=2');  }
    else if($result->num_rows >0)
    {  $idn=1; // means the id does exist 
    header('location: index.php?idn=1'); } } 

?>

Code of "PAGE.html"

<body>
Downlaod Section<br>
<ol>
<li><a href="download.php?id=110">File 1</a></li>
<li><a href="download.php?id=212">File 2</a></li>
<li><a href="download.php?id=314">File 3</a></li>
<li><a href="download.php?id=550">File 4</a></li>
</body>

Code of "download.php"

<?php
session_start();
include('connection.php');
$idd=$_GET['id'];
$qry="select id,path from files where id= $idd";
$result=mysql_query($qry);

if($result) {
    if($result->num_rows == 0)
    { $idn=0;
        echo '404 Error! No file exists with that ID'; }
    else if($result->num_rows == 1)
    { $idn=1; // file id exist
        $row = mysql_fetch_assoc($result);
    $filename=$row['path']; 
header("$filename");} }
     else { echo 'Error! File ID is Required.';}
Gumbo
  • 643,351
  • 109
  • 780
  • 844
Joy
  • 11
  • 6
  • 1
    Your code is vulnerable to SQL injections. You should read on [how to prevent them in PHP](http://stackoverflow.com/q/60174/53114). – Gumbo Apr 27 '14 at 09:56
  • "Not working correctly" is not a question. You'll have to describe where it's failing ,or what the error is, or give some kind of clue as to what needs to be answered before anyone will bother answering. – GDP Apr 27 '14 at 13:20
  • **Actually when i inserting file id and path in Admin_Index.php page then it showing that ** _"File ID With path Successfully Added"_ ** but in the database the id and path not inserted!!!! the database remain blank!** – Joy Apr 27 '14 at 16:04

0 Answers0