TalkPHP - View Single Post

sketchMedia · 01-17-2008, 11:54 AM

i still dont get why you have 2 parameters in _Download, if both args take the same value (i.e. $_GET['file'] ) then whats the point, as far as i can see nothing changes the values of the parameters within the function so wouldnt this do the same:

PHP Code:


			
function _Download($file)
{
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Length: ' . filesize($file));
    header('Content-Disposition: attachment; filename=' . basename($file));
    readfile($file);
}

looks like a waste of memory to me, note: i havnt tested it im at work and i cba.
and yes sjaq is correct, you will need some form of filtering for $_GET too otherwise anything could be inputted.

Other than that, good job.

01-17-2008, 11:54 AM	#16 (permalink)
sketchMedia The Prestige Join Date: Oct 2007 Location: Manchester, UK Posts: 854 Thanks: 32	i still dont get why you have 2 parameters in _Download, if both args take the same value (i.e. $_GET['file'] ) then whats the point, as far as i can see nothing changes the values of the parameters within the function so wouldnt this do the same: PHP Code: `function _Download($file) { header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Length: ' . filesize($file)); header('Content-Disposition: attachment; filename=' . basename($file)); readfile($file); }` looks like a waste of memory to me, note: i havnt tested it im at work and i cba. and yes sjaq is correct, you will need some form of filtering for $_GET too otherwise anything could be inputted. Other than that, good job. __________________ mysql> SELECT * FROM `users` WHERE `users`.`clue` > 0; Empty set (0.00 sec)