Downloading Multiple pdf files on One click in zip

Question

I have some pdf files in folder 3_day_notice_fad_pdf. Now I have to download pdf files in zip form, based on query condition.

<?php
 include("connection.php");
extract($_REQUEST);
$query=mysql_query("select fad_html_name from fad_record where t_id='$word'") or die(mysql_error());
while($result=mysql_fetch_array($query,MYSQL_ASSOC))
{
extract($result);   
$movies_id[] = "3_day_notice_fad_pdf/$fad_html_name";
}
 $movies_id = array();

 //print_r($movies_id);
  $zipname = 'file.zip';
  $zip = new ZipArchive;
   $zip->open($zipname, ZipArchive::CREATE);
  foreach ($movies_id as $file) {
   $zip->addFile($file);
  }
  $zip->close();
  header('Content-Type: application/zip');
  header('Content-disposition: attachment; filename='.$zipname);
  header('Content-Length: ' . filesize($zipname));
  readfile($zipname);
  ?>

Zip file is working perfectly, but it is downloading all the files present in folder 3_day_notice_fad_pdf. It is not validating with condition where t_id='$word' in query.

thank you for reply...$word is coming from xyz.php with query string. extract($_REQUEST); takes as a variable to word. — user3526766, Jul 27 '17 at 07:57
So you're passing a request variable directly to an sql query? You're doing bad things there! — eisbehr, Jul 27 '17 at 07:58

Tejashwi Kalp Taru · Accepted Answer · 2017-07-27T10:56:09.577

1

You are doing several bad things here.

Do not pass query strings directly to SQL. It will lead to SQL injection and your application will be compromised. See here: https://stackoverflow.com/a/60496/2520628
You are clearing your files array just after loop

Corrected code:

<?php
 include("connection.php");
$word = $_REQUEST['word'];
$query=mysql_query("select fad_html_name from fad_record where t_id='$word'") or die(mysql_error());
while($result=mysql_fetch_array($query,MYSQL_ASSOC))
{ 
$movies_id[] = "3_day_notice_fad_pdf/" . $result['fad_html_name'];
}

  $zipname = 'file.zip';
  $zip = new ZipArchive;
  $zip->open($zipname, ZipArchive::CREATE);
  foreach ($movies_id as $file) {
    $zip->addFile($file);
  }
  $zip->close();
  header('Content-Type: application/zip');
  header('Content-disposition: attachment; filename='.$zipname);
  header('Content-Length: ' . filesize($zipname));
  readfile($zipname);
  ?>

edited Jul 27 '17 at 10:56

answered Jul 27 '17 at 08:30

Tejashwi Kalp Taru

2,994
2
20
35

means zip function should be in while loop and do not use new array, because $result fetch array?? – user3526766 Jul 27 '17 at 08:43
what's the output of movies_id just after while loop? – Tejashwi Kalp Taru Jul 27 '17 at 09:07
it contains all values fetched from query – user3526766 Jul 27 '17 at 09:12
Obviously! Now the values are the file names, I guess which you would like to put in ZIP file right? If yes, remove this line `$movies_id = array();` just after while loop and try – Tejashwi Kalp Taru Jul 27 '17 at 09:14
I removed $movies_id = array(); But still same problem. Downloading all files, not only conditioned files. – user3526766 Jul 27 '17 at 09:25
Are you getting correct values in movies_id array? only filtered ones? or the array contains all the files? – Tejashwi Kalp Taru Jul 27 '17 at 09:27
delete any previously created ZIP file in folder and if the movies_id contains correct values, your code should create correct ZIP – Tejashwi Kalp Taru Jul 27 '17 at 09:41
Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/150280/discussion-between-tejashwi-kalp-taru-and-user3526766). – Tejashwi Kalp Taru Jul 27 '17 at 09:48

Downloading Multiple pdf files on One click in zip

1 Answers1