Ok, so there's issues with writing the code and there also is an issue with the concept of database data retrieval.
First things first. While the associated FAQ offers some different explanations and guidance, the central concept is the same regardless. For example you have described a partial blank screen occurring as well as receiving a warning an error occurred type message. These are covered by the following two FAQs and by further investigation you'll be able to at least more succinctly ask a question about the issue that is occurring.
http://www.zen-cart.com/content.php?124-blank-page
https://www.zen-cart.com/content.php...-and-try-again
Then with regards to the database structure. As it appears you understand, there is a simple products_id which uniquely identifies the main product in question. Then when dealing with attributes (such as a download file) there is a sort of build-up of data that is employed in ZC. There are a list of option names, and a list of option values (that are assigned to an option name) and then a combination (if it exists) of an option name/option value being assigned as an overall attribute to a product. But, then a download file has some additional information to "manage" that is not a part of a standard attribute. There is, as discovered, the filename, but also other things like how many times the file should be permitted to be downloaded, for how long it can be downloaded, etc... this information, once the product is purchased, is stored in an orders related table and modified as necessary for the specific order.
Anyways, the part that needs to be understood/further adapted is the relationship of the products_id to the file's filename.
So, I recommend taking a look at the database table structure of products_attributes in addition to products_attributes_download to see how the two tables sort of "fit" together and how it is possible to get the filename from knowing the products_id. Further, you will also want to consider the possibility that there may be more than one file associated with the product (either because the one file was too large to serve as a single download and needs to be split across multiple, or perhaps that there are multiple versions/styles of the same content or of course some combination).
I leave that part of the database query to further discovery, but there is also the issue of the code to handle the result.
The $db->Execute method returns a variable that has fields in it. Now in ZC 1.5.5 and above the returned variable is manageable more as an array than previously designed, but that is for a later rewrite of the code seeing as still using ZC 1.5.1.
The result of $zipfile_name is not literally just the filename but is made of other database related information among which is the value that was sought in the database.
For one, $zipfile_name->EOF provides an indicator that at the moment of use, the current record is the "end-of-file" or the last record. This means that at the moment of asking there is no data to be reviewed from the query either because the query returned no data or as the query results have been accessed/reviewed ($zipfile_name->MoveNext()), now at the last record.
To see how many records were returned one can use $zipfile_name->RecordCount().
Assuming that after the execute query has been run and that we are not at the end-of-file, then to access say the products_attributes_filename field's data returned by the query, the variable form is: $zipfile_name->fields['products_attributes_filename']. The field name between the single quotes relates back to the query in the section between the select statement and the from statement. It is possible to alias a field to another name and it would be that alias that would need to be used.
So in the above instead of directly echoing $zipfile_name (which is an array of sorts and would be part of why the page errored out) would echo $zipfile_name->fields['products_attributes_filename'];
But... Let's talk a little about sanitization... in your first query/statement you cast $_GET['products_id'] to an integer. Good. One, no product can have a zero products_id so if the first "value" or character is anything other than a number then casting it to an integer will cause it to be zero and subsequent results will not have much meaning. The second thing is that at least that statement can not be further "modified" by sql injection (modifying the value of the parameter products_id to cause a system response that could be otherwise interpreted or provide some amount of configuration information.) The reason I sort of bring this up is that the sql query itself uses a variable that has already been "made" to be sanitized and while it appears to be immediately adjacent to the assignment, could be separated by a lot of code and therefore could either be purposefully or accidentally modified away from just the integer that was expected. Therefore it is wise to again cast the value within the sql to its expected value type (int). Then there is a bit of a query structure that has become a bit more sensitive in newer versions (might as well start now even though using a store that is 5+ years old in design). Since whatever "id" is being looked up is expected to be an integer, such a value is presented to a field without any single or double quote once all php substitutions have been made. Meaning a statement like this:
Code:
select products_id from products where products_id = 618;
Would be the select query statement one would put into say phpmyadmin to obtain the result of the products_id that had the given products_id... (not your typical query per se, but could be used to identify the presence of the products_id by evaluating the result. A number of other ways to do the same thing as well.)
Anyways, the php related query, building one thing at a time could be made as so when replacing the generic table name:
Code:
"select products_id from " . TABLE_PRODUCTS . " where products_id = 618"
Then by substituting $products_id as cast to an integer:
Code:
"select products_id from " . TABLE_PRODUCTS . " where products_id = ". (int)$products_id
Notice how there is not the single quote around the $products_id? It's unnecessary and actually causes additional unnecessary processing.
Anyways, while your solution is not directly provided here, perhaps you can enjoy the self-discovery through using some of the information provided here. It's not 100% explanatory and there are some pitfalls that can be experienced if haven't applied some of the concepts fully. Might I suggest looking through the ZC code for similar simple table/field lookups and see how it may be handled.
Also, as a final thing (for this particular post), hopefully it is also understood that perhaps the "best" place to address file existence is when the attributes are being generated/looked up such as in includes/modules/YOUR_TEMPLATE/attributes.php. It may or may not provide useful information or a way to do something different depending on what else is to happen or be needed.
Bookmarks