Ajax Question

Downloading Multiple pdf files on One click in zip

I have some pdf files in folder 3_day_notice_fad_pdf. Now I have to download pdf files in zip form, based on query condition.

$query=mysql_query("select fad_html_name from fad_record where t_id='$word'") or die(mysql_error());
$movies_id[] = "3_day_notice_fad_pdf/$fad_html_name";
$movies_id = array();

$zipname = '';
$zip = new ZipArchive;
$zip->open($zipname, ZipArchive::CREATE);
foreach ($movies_id as $file) {
header('Content-Type: application/zip');
header('Content-disposition: attachment; filename='.$zipname);
header('Content-Length: ' . filesize($zipname));

Zip file is working perfectly, but it is downloading all the files present in folder 3_day_notice_fad_pdf. It is not validating with condition where t_id='$word' in query.

Answer Source

You are doing several bad things here.

  1. Do not pass query strings directly to SQL. It will lead to SQL injection and your application will be compromised. See here:

  2. You are clearing your files array just after loop

    while($result=mysql_fetch_array($query,MYSQL_ASSOC)) { extract($result);
    $movies_id[] = "3_day_notice_fad_pdf/$fad_html_name"; } $movies_id = array(); // this will clear old data

