I have a website script store, No i have installed it all ok and as the Read Me file says, the problem i have is when the customer pays for a specific script they get an email with the download link to the file when they click on this (http://www.scripts.cheapwebdesignuk.co.uk/dl/?7|7) It shows an error. Can anyone help why this is wrong all files are in a folder called dl/ Here is the code to the dl/index.php <? require_once("../conn.php"); require_once("../includes.php"); $k = $_GET["k"]; $info = explode("|", $k); //check the exp date $q1 = "select ExpDate from dd_orders_info where OrderID = $info[0]"; $result = mysql_query($q1); while ($res = mysql_fetch_row($result)) { $exp = $res[0]; $ItemID = $res[1]; } if($exp < $t) { echo "<br><br><br><center><font face=verdana size=2 color=red><b>Your download link is not active if<br>you are not able to download this file please E-Mail me at ASAP!"; exit(); } //get the item $q1 = "select DownloadURL from dd_catalog where ItemID = $info[1] "; $r1 = mysql_query($q1) or die(mysql_error()); $a1 = mysql_fetch_array($r1); $q1 = "update dd_orders_content set download_status = 'y' where ItemID = $info[1] and OrderID = $info[0] "; mysql_query($q1) or die(mysql_error()); header("Location: $a1[0]"); die(); ?> PHP: Thanks
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/cheapweb/public_html/scripts/dl/index.php on line 14
It seems that this query is doing it: $result = mysql_query($q1); Try replacing this line: $q1 = "select ExpDate from dd_orders_info where OrderID = $info[0]"; with this: $q1 = "select ExpDate from dd_orders_info where OrderID = " . $info[0];
And ensure all input is verified! I don't know what happens in the included files, but ensure you use at the very least mysql_real_escape_string before any database queries.