db_com_query("SELECT bild".$textFeld." FROM `SIMdownloads` WHERE kundennummer = '".mysql_real_escape_string($_GET['kundennummer'])."' AND id = '".mysql_real_escape_string($_GET['id'])."'")) echo "query failed
".$db->db_com_get_last_error()."
"; $result = $db->db_com_get_next_result(); $bildDL = $result[0]; if(!$db->db_com_query("SELECT titel, bildExt, bild, size FROM SIMbilder WHERE id = '".mysql_real_escape_string((int)$bildDL)."' AND kundennummer = '".mysql_real_escape_string($_GET['kundennummer'])."'")) echo "query failed
".$db->db_com_get_last_error()."
"; if($result = $db->db_com_get_next_result()){ $titelDL = $result[0]; $bildExtDL = $result[1]; $dateiDl = $result[2]; $sizeDL = $result[3]; $url_partner = "../".$_GET['kundennummer']."/alben/1/".$dateiDl; if(!$db->db_com_query("UPDATE `SIMdownloads` SET downloads = downloads+1 WHERE kundennummer = '".mysql_real_escape_string($_GET['kundennummer'])."' AND id = '".mysql_real_escape_string($_GET['id'])."'")) echo "query failed
".$db->db_com_get_last_error()."
"; } if(!empty($dateiDl) && !preg_match('=/=', $dateiDl)) { if(file_exists ($url_partner)) { header("Content-Type: ".detect_mime($dateiDl)); header('Content-Disposition: attachment; filename="'.$titelDL.'.'.$bildExtDL.'"'); readfile($url_partner); } }else{ header('Location:http://simpress.de'); } ?>