更好的解决方案是:
$filename = $_GET["filename"];
// Validate the filename (You so don't want people to be able to download
// EVERYTHING from your site...)
if (!file_exists($filename))
{
header('HTTP/1.0 404 Not Found');
die();
}
// A check of filemtime and IMS/304 management would be good here
// Be sure to disable buffer management if needed
while(ob_get_level()) {
ob_end_clean();
}
// Do not send out full path.
$basename = basename($filename);
Header('Content-Type: application/download');
Header("Content-Disposition: attachment; filename=\"$basename\"");
header('Content-Transfer-Encoding: binary'); // Not really needed
Header('Content-Length: ' . filesize($filename));
Header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
readfile($filename);那说,“无效文件”是什么意思?长度不好?零长度?文件名不好?错误的MIME类型?文件内容错误?你眼前的一切都可能清楚你的意思,但从我们的结果来看,它远非显而易见。