好吧,我试图建立一个安全的下载系统,其中一个特定的许可证号码的买家可以访问下载,他可以在他的许可解除前下载两次。为了做到这一点,我在同一行中的'product_id'和'license_number'列旁边有'count'列。当我的paypal ipn脚本确认时,产品ID和许可证号码会自动生成并传递给买方。脚本运行两次?
现在问题是:当他们访问带有正确变量的下载页面时,count会被+1更新,但由于某种原因,这个sql查询会运行两次,实际上我的数据库中会得到+2。我已经改变了一点,先检查一下这个值,然后相应地改变(看看是否修复了这个错误),但错误仍然没有被修复。
我个人认为也许我调用一个文件下载会使脚本运行两次,或者我错了吗?
这是代码:
<?php
include ('../storescripts/connect_to_mysql.php');
// Looks first if the post variables have been set
if(!isset($_GET['id']) && ($_GET['lcn'])){
// Error output
echo 'The big PHP monster will not accept you into his cave without bringing an offering of variables!';
} else {
// Set the variables
$id = $_GET['id'];
$license_number = $_GET['lcn'];
// Check if there is such a thing (Yes, aliens) as the given id and license number
$sql = mysql_query("SELECT * FROM secure_downloads WHERE product_id ='$id' AND license_number ='$license_number' LIMIT 1");
$result = mysql_num_rows($sql);
if($result > 0){
// Now update the download count
// Check first if the count is 0
// Make a variable from the count sql
$sql_count = mysql_query("SELECT * FROM secure_downloads WHERE product_id='$id' AND license_number='$license_number' LIMIT 1");
while($row = mysql_fetch_assoc($sql_count)){
$count = $row['count'];
}
// Check if the count is above two
if ($count >= 2){
// Download has already been downloaded 2 times, do not allow download
echo 'The download limit for this file has been reached.';
exit();
} else if ($count = 0) {
// Everything is alright, start downloading
// Force the file download
$file = 'test.jpg';
// Change the count to 1
mysql_query("UPDATE secure_downloads SET count=1 WHERE product_id = '$id' AND license_number = '$license_number'");
readfile($file);
exit();
} else if ($count = 1) {
// Everything is alright, start downloading
// Force the file download
$file = 'test.jpg';
// Change the count to 2
mysql_query("UPDATE secure_downloads SET count=2 WHERE product_id = '$id' AND license_number = '$license_number'");
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.basename($file));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
ob_clean();
flush();
readfile($file);
exit();
}
} else {
// It doesn't exist, tell the user either the variables were wrong or the
// download limit has been reached
echo 'Cannot download the file, either the link is wrong or the download limit has been reached';
}
}
?>
IPN是否将其帖子发送到相同的脚本? – yoavmatchulsky 2012-07-23 16:32:55
这就是为什么您应该使用POST进行可以更改服务器状态的操作的一个原因。浏览器可以自由地假设GET请求不会导致任何可观察的状态变化,因此如果他们愿意,他们可以自由地多次请求这些页面。 – cdhowie 2012-07-23 16:33:12
@yoavmatchulsky它会,但现在这只是一个独立的脚本即时测试 – 2012-07-23 16:51:38