homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

Secure download

 1:01 am on Feb 24, 2008 (gmt 0)

How do I make it so I can have a download script, that is just like http://www.example.com/download/download.php?file=10 for example, where 10 is the name of the file from the database, and it doesn't actually show the true path of the download? I've been looking into this for a week but I can't seem to find anything that will teach me how to do this.



 2:28 am on Feb 24, 2008 (gmt 0)

Create yourself a directory named "myfiles." It is best if this directory is above your root directory. That way the files within it can be accessed with PHP but, not directly by a user with a browser.

Specify the filename in $filename then execute send_download($filename) where:

function send_download($filename){
$file_path = '../myfiles/' . $filename;
header("Content-Type: application/x-zip-compressed");
header("Content-disposition: attachment; filename=$filename");
header("Content-Length: $file_size");

This will need to be done before your script sends any other information to the browser.

The only catch is the function above assumes the file ($filename) is a .zip file (i.e., $filename = something.zip). If this is true in your case then you should not have to modify anything else. If you are sending some other type of file, you will need to change "application/x-zip-compressed" to reflect a different Mime type. For example:

'application/x-zip-compressed' is mime type for a .zip file
'application/x-msdownload' is mime type for a .exe file


 5:50 am on Feb 24, 2008 (gmt 0)

How do I execute that like make it a link, like <a href="files.php">asd</a> or what?

Also how would I like set it to get the file ID, because I'm going to have a different file for each page, and I want it to just get the file ID for that page.


 8:01 am on Feb 24, 2008 (gmt 0)



 11:32 am on Feb 24, 2008 (gmt 0)

As the directory with your files in is not accessible from the web via a browser you will need to make a page that is accessible from the web to do all the work for you.

So you have a page called 'get_file.php' (for example). On this page you stick your function as above, maybe modified so that you can use GET to send the $filename. Then once the file has been got and sent to the browser use header('Location: ...'); to send your visitors to another page.


 2:26 pm on Feb 24, 2008 (gmt 0)

I am not sure I know exactly what you want to do but lets say you have a page named downloadfiles.php. On this page you could create a link with <a href="download.php?file=10">asd</a>

Then download.php would contain:

if (isset($_GET['file'])){
$file = $_GET['file']; # $file should be 10
$query = "SELECT FileName FROM Mytable WHERE FileNumber='$file'";
$result = @mysql_query($query);
$row = mysql_fetch_array($result);
$filename = $row[FileName];
} else {
echo "Error";

# Declare function
function send_download($filename){
$file_path = '../myfiles/' . $filename;
header("Content-Type: application/x-zip-compressed");
header("Content-disposition: attachment; filename=$filename");
header("Content-Length: $file_size");


 5:39 pm on Feb 24, 2008 (gmt 0)

The above is a much better explanation of what I was so ineptly trying to say.

The only thing I would add is that as the browser will be directed to download.php this page need to do somethings. As at the moment you will either get 'Error' or a completely blank screen.

So just before the exit add header('Location: another_page.php'); So that your users are sent to another page.


 6:38 pm on Feb 24, 2008 (gmt 0)

Ok yeh I got it, except I need it to pull out the certain file, from the certain row in the table. Like I have a page named www.example.com/download/?id=10 for example. That page shows all the information about the file that has been uploaded. Is it possible to like only use THAT ROW, and take out the ID from that row, because I'm not sure how its going to detect that its that file for that certain page. Right now its just taking out the first file, which is a .jpg, and when I open it, it has a .dll error. I'll try what you did above tho.


 8:03 pm on Feb 24, 2008 (gmt 0)

For clarity, if download.php does not send anything to the browser, it will not refresh to a blank screen. So, basically, if you get the error, you will get a blank screen with "Error" and you would probably want it to do something more elaborate instead but, if you don't get the error, you will still be looking at the output created by downloadfiles.php (unless you use the additional header('Location: another_page.php'); recommended above. It all depends on if you want to redirect to somewhere else or not. In some applications, I actually prefer to be left at the prior page.

Are you talking about a row in a HTML table or a row in your database? Not sure what you are asking.


 8:55 pm on Feb 24, 2008 (gmt 0)

Ok here is the page that I'm going. <snip>

If you look, files.php is the page with the script, and when you click it, the box will appear with the download. It will say its a .jpg image, but that is not the correct image for the row. I'm pretty sure thats the first file in the table (on the database not html table). It's not taking out the 10th file, as the url is: ?id=10. I want it to get the file for that row in the table from the database, that the page is getting from.

Ok now I get this error:

Warning: Cannot modify header information fo rline 22, 23 , and 24. :/

[edited by: eelixduppy at 1:02 am (utc) on Feb. 25, 2008]
[edit reason] no URLs, please [/edit]


 11:31 pm on Feb 24, 2008 (gmt 0)

When I visited it was giving me "Error."

I would put a field in the database which is ID and then change the query to:

$query = "SELECT FileName FROM Mytable WHERE ID='$file'";

Then, it will find the FileName corresponding to the row with the proper ID, regardless of which row it is (your rows can be mixed up and it will still work properly - don't count on your rows remaining in some particular order with SQL).

Make sure that your ID in the database corresponds to the row containing the desired file for <a href="download.php?file=10">asd</a>

The header warning probably means you are attempting to send headers to the browser more than once. Rather than explain this it would probably be easier if I gave you a simple rule: You can only send headers once per webpage and it must be done before any other text is sent to the browser. My guess is that you are echoing or printing some HTML, text, or possibly an inadvertent space character prior to the header() lines.

Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved