Reply To: download – Generate Filename from Field (Array)?

[__]

Both pieces of code output a file named png i.e. not extension just png.

Which would indicate that $tcgname[$i] is empty (or is not set). Do you have error reporting enabled? You can inspect the contents of $tcgname and $i using var_dump.

Also,

$file = trim($_GET['path']);

//  . . .

readfile($file);
unlink($file);

You need to validate the contents of $_GET['path'] (e.g., by checking that it names a file in a particular “allowed” directory). Using this script, one may read —and then delete— any file on your computer that is readable by PHP, simply by knowing, or guessing, its name.