获取错误:类mysqli的对象无法转换为字符串
I got an Unique Download Link Generator from: here and started to set it up on my server, but if I try to open the download.php, I get the error:
Object of class mysqli could not be converted to string in
filepathon line 18.
The Problem is, that the code was made for PHP5 but I'm using PHP7 so there are some changes between the versions and I'm not able to find them and fix the problem.
My Code:
<?php
// Set the maximum number of downloads
$maxdownloads = "2";
// Set the key's viable duration in seconds (86400 seconds = 24 hours)
$maxtime = "86400";
require ('dbconnect.php');
if(get_magic_quotes_gpc()) {
$id = stripslashes($_GET['id']);
}else{
$id = $_GET['id'];
}
// Get the key, timestamp, and number of downloads from the database
$query = sprintf($link, "SELECT * FROM downloadkey WHERE uniqueid= '%s'",mysqli_real_escape_string($link, $id));
$result = mysqli_query($query) or die(mysqli_error());
$row = mysqli_fetch_array($result);
if (!$row) {
echo "The download key you are using is invalid.";
}else{
$timecheck = date('U') - $row['timestamp'];
if ($timecheck >= $maxtime) {
echo "This key has expired (exceeded time allotted).<br />";
}else{
$downloads = $row['downloads'];
$downloads += 1;
if ($downloads > $maxdownloads) {
echo "This key has expired (exceeded allowed downloads).<br />";
}else{
$sql = sprintf("UPDATE downloadkey SET downloads = '".$downloads."' WHERE uniqueid= '%s'",mysqli_real_escape_string($id, $link));
$incrementdownloads = mysqli_query($sql) or die(mysqli_error());
// Debug echo "Key validated.";
// Force the browser to start the download automatically
/*
Variables:
$file = real name of actual download file on the server
$filename = new name of local download file - this is what the visitor's file will actually be called when he/she saves it
*/
ob_start();
$mm_type="document/text";
$file = "text.txt";
$filename = "text.txt";
header("Cache-Control: public, must-revalidate");
header("Pragma: no-cache");
header("Content-Type: " . $mm_type);
header("Content-Length: " .(string)(filesize($file)) );
header('Content-Disposition: attachment; filename="'.$filename.'"');
header("Content-Transfer-Encoding: binary
");
ob_end_clean();
readfile($file);
}
}
}
?>
I can see two problems in your code. Firstly, on this line:
$query = sprintf($link, "SELECT * FROM downloadkey WHERE uniqueid= '%s'",mysqli_real_escape_string($link, $id));
$link should not be an input to sprintf. This is what is causing the error message that you are seeing. Change it to:
$query = sprintf("SELECT * FROM downloadkey WHERE uniqueid= '%s'",mysqli_real_escape_string($link, $id));
Also, on this line:
$sql = sprintf("UPDATE downloadkey SET downloads = '".$downloads."' WHERE uniqueid= '%s'",mysqli_real_escape_string($id, $link));
the order of parameters to mysqli_real_escape_string is incorrect (it should be $link, $id), so change that line to:
$sql = sprintf("UPDATE downloadkey SET downloads = '".$downloads."' WHERE uniqueid= '%s'",mysqli_real_escape_string($link, $id));
You also need to change this line:
$incrementdownloads = mysqli_query($sql) or die(mysqli_error());
to
$incrementdownloads = mysqli_query($link, $sql) or die(mysqli_error($link));