Some humble suggestions:
Rating of 0 Listing things by (and with) the total number of downloads recorded, instead of the number of downloads this week Use input abstraction functions such as get_param($param[string],$type["integer"|"string"|"html"|"float"],$required[boolean]); and post_param([same args]); to make injection prevention much easier and more standard.