SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Evangelist
    Join Date
    Dec 2006
    Posts
    430
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Counting the number of downloads

    Hi Guys,

    on my site when a user goes to the "downloads.php" page i update mysql to say downloads+1 to increment the number of downloads each time (but saying that not everyone who goes to the downloads page downloads something)

    the code is pretty basic:

    downloads.php

    PHP Code:
         // start by grabbing the id...//////////////////////////////////////////////////
         
    $id $_GET['id'];    
         
         
    // get the file...///////////////////////////////////////////////////////////////////
         
    $query1 "SELECT * FROM `uploads` WHERE `id`='$id'"
         
    $result1 mysql_query($query1);
         
    $row mysql_fetch_array($result1);
         
         
    $file_id $row['file_id']; 
         
    $file_name $row['file_name'];
         
         
    // update the hit counter...////////////////////////////////////////////////////////
         
    mysql_query("UPDATE `uploads` SET `downloads`=`downloads` + 1 WHERE `id`='$id'"); 
    i was thinking a better way would be to place a button there when pressed the download box pops up and THEN it increments mysql but i'm not entirely sure where to go from there i can do the buttons ok:

    PHP Code:
    <input type="submit" name="submit" value="download" /> 
    so when the button is pressed the downloads starts (it's not a specific filename) so the name of the downloaded file changes depending on what the uploader has called it kinda thing.

    any help would be great.

    cheers

    Graham

  2. #2
    SitePoint Enthusiast SecondV's Avatar
    Join Date
    Jan 2006
    Location
    Kentucky
    Posts
    73
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    So,
    Code PHP:
    // start by grabbing the id...//////////////////////////////////////////////////
     
         $id = $_GET['id'];    
     
     
     
         // get the file...///////////////////////////////////////////////////////////////////
     
         $query1 = "SELECT * FROM `uploads` WHERE `id`='$id'"; 
     
         $result1 = mysql_query($query1);
     
         $row = mysql_fetch_array($result1);
     
     
     
         $file_id = $row['file_id']; 
     
         $file_name = $row['file_name'];
     
     
     
         // update the hit counter...////////////////////////////////////////////////////////
     
         mysql_query("UPDATE `uploads` SET `downloads`=`downloads` + 1 WHERE `id`='$id'");

    is all that's in downloads.php? - You could do the following:

    Code PHP:
    // start by grabbing the id...//////////////////////////////////////////////////
     
    $id = intval($_GET['id']); // going straight to mysql without making sure it's an int.. not wise
     
    if ($id == 0)
    {
        exit;
    }
     
    // get the file...///////////////////////////////////////////////////////////////////
    $query1 = mysql_query("
        SELECT file_id, file_name
        FROM uploads WHERE id=$id
    "); 
     
    if (mysql_num_rows($query1) > 0)
    {
        echo 'Your download should start immediately.';
     
        $row = mysql_fetch_assoc($query1);
        $file_id = $row['file_id']; 
        $file_name = $row['file_name'];
     
        // update the hit counter...////////////////////////////////////////////////////////
        mysql_query("
            UPDATE uploads
            SET downloads=downloads+1
            WHERE id=$file_id
        ");
    }
    exit;

    Then for the button, something like this *may* work:
    Code HTML4Strict:
    <input type="submit" name="submit" value="download" onclick="window.open('downloads.php?id=(code here to set id)');" />

    If I understand what you're wanting to do.. correctly.

  3. #3
    SitePoint Evangelist
    Join Date
    Dec 2006
    Posts
    430
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi Mate,

    that's pretty much it it's given me something to work on thanks mate

    Graham

  4. #4
    SitePoint Enthusiast SecondV's Avatar
    Join Date
    Jan 2006
    Location
    Kentucky
    Posts
    73
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    No problem

  5. #5
    An average geek earl-grey's Avatar
    Join Date
    Mar 2005
    Location
    Ukraine
    Posts
    1,403
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Your script is vulnerable by SQL injection


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •