The variables I submit, are retrieved from a database...so users can't enter anything,
I do have a warning inserted at the beginning of the file, how do I remove this warning? "Marek Kilimajer" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Adriaan Nel wrote: > > > Hi, > > > > I am using the following piece of code, to download files, but the files are > > allways corrupt...what am I doing wrong? > > > > > > if ($submit) { > > $full_filename = $_POST[full_filename]; > > $filename = $_POST[filename]; > > $dir = $_POST['dir']; > > $size = $_POST[size]; > > $id = $_POST[id]; > > > > if((file_exists($full_filename)) && (substr(decoct(fileperms($dir)),-1) >= > > 4)) { > > header("Content-type: ". "application/exe"); > > header("Content-Disposition: " . "attachment" . "; > > filename=\"".$filename)."\""; > > header("Content-Length: ".$size); > > $fp = readfile($full_filename, "r"); > > mysql_query ("INSERT INTO files_downloaded > > VALUES('$id','$ip',NOW())",$db_connection) or die (mysql_error()); > > return $fp; > > } > > } > > > > You might have a php warning in the downloaded file, it will be either > at the beginning or at the end, just open a text editor and view it. > > Also you don't check $full_filename, users can submit enything, e.g. > /etc/shadow or includes/config.php, and the script sends it. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php