Download function downloads .php file instead

Question

Recently I started PHP programming and I am currently working on a project where users can buy games digitally. So here's the problem I am facing at the moment, I created a library section for users where they can see their games that they bought and download them by clicking a button but whenever I clicked on the download button it will automatically download the file named download.php script file where inside is a bunch of error messages instead of the file I wanted. Below are my codes for the project.

Download.php(Download Script)

<?php
require_once("conn.php");

if(isset($_GET['id'])){
  $id = $_GET['id'];
  $sql="SELECT * FROM games WHERE game_downloadpath=$id";
  $result = mysqli_query($con,$sql);
  $file = mysqli_fetch_assoc($result);
  $filepath = 'gamefiles/' . $file['name'];

  if(file_exists($filepath)){
    header('Content-Type: application/octet-stream');
    header('Content-Description: File Transfer');
    header('Content-Desposition: attachment; filename=' . basename($filepath));
    header('Expires: 0');
    header('Cache-Control: must-revalidate');
    header('Pragma:public');
    header('Content-Length:' . filesize('gamefiles/' .$file['name']));
    readfile('gamefiles/' . $file['name']);
  }
}
?>
<script type="text/javascript">
  window.location.replace("library.php");
</script>

Library.php(Only Important codes will be shown)

<div class="block"></div>
  <section class="library-section">
    <div class="sidebar-div">
      <input type="text" placeholder="Search"> <button type="button" name="button">
        <i class="fas fa-search"></i>
      </button>
    </div>
    <div class="game-div">
      <h1>all games</h1>
      
            <?php
      include("conn.php");
      $CID = $_SESSION['id'];
      $search = isset($_POST['searchbox']) ? $_POST['searchbox'] : '' ;
      
      //for search function
      if ($search == NULL)
      {
        $result = mysqli_query($con,"Select * from games inner join purchase on purchase.purchase_game = games.game_ID inner join users on users.user_id = purchase.purchase_customer where games.game_status = 1 AND purchase.purchase_customer='$CID'");

        while($row = mysqli_fetch_array($result))
        { ?>
       <div class="games">
       <img src="<?php echo $row['game_photopath'] ?>">
       <div class="info-div">
      <h2><?php echo $row['game_name'] ?> </h2>
      <h4></h4>
      <a href="download.php?id=<?php echo $row['game_downloadpath']?>"><button type="submit" name="">
        <i class="fas fa-download"></i>
      </button></a>
    </div>
  </div>
  <?php }               
          } ?>    
  <div class="block">
  </div>
  </div>
</div>                             
  <!--  <div class="individual-game-div">
  </div>-->
  </section>
 <!-- </form> -->
<!-- /Main Content -->

Here is the code in the file that I mentioned earlier.

<br />
<b>Warning</b>:  mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, bool given in <b>C:\xampp\htdocs\SDP-Nexus-master\Foong's part\download.php</b> on line <b>28</b><br />
<br />
<b>Notice</b>:  Trying to access array offset on value of type null in <b>C:\xampp\htdocs\SDP-Nexus-master\Foong's part\download.php</b> on line <b>29</b><br />
<br />
<b>Notice</b>:  Trying to access array offset on value of type null in <b>C:\xampp\htdocs\SDP-Nexus-master\Foong's part\download.php</b> on line <b>39</b><br />
<br />
<b>Notice</b>:  Trying to access array offset on value of type null in <b>C:\xampp\htdocs\SDP-Nexus-master\Foong's part\download.php</b> on line <b>40</b><br />
<br />
<b>Warning</b>:  readfile(gamefiles/): failed to open stream: No such file or directory in <b>C:\xampp\htdocs\SDP-Nexus-master\Foong's part\download.php</b> on line <b>40</b><br />

<script type="text/javascript">
  window.location.replace("library.php");
</script>

Here is my database structure

Posting the error messages would probably help someone answer. — TheKingElessar, Jul 17 '20 at 16:44
Does this answer your question? [mysqli\_fetch\_assoc() expects parameter / Call to a member function bind\_param() errors. How to get the actual mysql error and fix it?](https://stackoverflow.com/questions/22662488/mysqli-fetch-assoc-expects-parameter-call-to-a-member-function-bind-param) — Dharman, Jul 17 '20 at 19:24

score -1 · Answer 1 · answered Jul 17 '20 at 19:07

Your sql statement to get the filename is

 $sql="SELECT * FROM games WHERE game_downloadpath=$id";

However there is no check, if $id does really exist in the database or if the result returns a valid array. The mysqli_fetch_assoc() is immediatly called even if the result of mysqli_query returns false

  $result = mysqli_query($con,$sql);
  $file = mysqli_fetch_assoc($result);

The error message clearly tells you:

mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, bool given

The assumes the given value of $id does not exist on the database or results in an invalid SQL statement.

Because of this every other error message is a followup result of this unfetched behavior , because all your later code tries to access an array element which does not exists and thus cannot provide a valid filename and therefore your final readfile() cannot find any existing filepath.

Download function downloads .php file instead

1 Answers1