目前我使用以下php代码下载文件。
菲律宾代码:
<?php
timeout();
//require_once("config.php");
if(!isset($_SESSION['front_username']) && isset($_SESSION['front_username']) == "" &&
!isset($_SESSION['front_password']) && isset($_SESSION['front_password']) == "" &&
!isset($_SESSION['user_id']) && isset($_SESSION['user_id']) == "") {
header("Location:login.php");
exit();
}
$file_get = $_GET['filename'];
$tmp = explode(".",$file_get);
$file_name1 = substr($file_get, 33);
switch ($tmp[count($tmp)-1]) {
case "pdf": $ctype="application/pdf"; break;
case "exe": $ctype="application/octet-stream"; break;
case "zip": $ctype="application/zip"; break;
case "docx":
case "doc": $ctype="application/msword"; break;
case "csv":
case "xls":
case "xlsx": $ctype="application/vnd.ms-excel"; break;
case "ppt": $ctype="application/vnd.ms-powerpoint"; break;
case "gif": $ctype="image/gif"; break;
case "png": $ctype="image/png"; break;
case "jpeg":
case "jpg": $ctype="image/jpg"; break;
case "tif":
case "tiff": $ctype="image/tiff"; break;
case "psd": $ctype="image/psd"; break;
case "bmp": $ctype="image/bmp"; break;
case "ico": $ctype="image/vnd.microsoft.icon"; break;
default: $ctype="application/force-download";
}
header("Pragma: public"); // required
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private",false); // required for certain browsers
header("Content-Type: $ctype");
header("Content-Disposition: attachment; filename='"".$file_name1."'";" );
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".filesize("upload_doc/$file_get"));
ob_clean();
flush();
readfile("upload_doc/$file_get" );
?>
如果上传的文件名为字母数字,则下载正确。但是,如果上传的文件名具有此文本,例如my doc #2.doc或dev & developer.doc则它正在下载但不显示。在我下载的文件夹中,我看到my doc.
我不明白我的代码有什么问题,有人可以告诉我吗?
& 和 # 是 URL 特殊字符。
尝试访问文件时,您应该使用 urlencode PHP 方法以正确的方式对任何特殊字符进行编码:http://php.net/manual/en/function.urlencode.php
出于安全目的,也许您应该在Apache级别管理您的mime类型:Apache2 服务器 MIME 类型
或者,如果不能,请过滤获取参数以避免用户请求服务器上的任何路径:http://php.net/manual/en/function.filter-input.php