Have buy.php curl the data from example.com? You may be thinking of mod_rewrite, can't do that in the way you're thinking of.

Hey Thanks for your advise, but I still do not get it.

Here is an actual buy.php file:

<?

# Local Variables
$host = 'localhost';
$db_name = 'DB Name_Files';
$db_user = 'DB Name_alex';
$db_pass = 'DB Password';
$path_to_file_directory = 'files/';

# Database Connection
mysql_connect( $host, $db_user, $db_pass);
mysql_select_db( $db_name ) or die(mysql_error());

# Get Link Variable
# Later, you will filter out possible injections (hacks)
$file_code = filter_input( INPUT_GET, 'urlid' );

# Query for file info
$res = mysql_query("SELECT * FROM `Files` WHERE `file_display_name`='".$file_code."'") or die ( mysql_error() );

# If query is empty, there is a bad code name
# This catches possible hacking attempt.
if( mysql_num_rows($res) == 0 )
{
echo 'There will be no hacking on this website! ';
exit();
}

# Save file info into an array called "$info"
$info = mysql_fetch_assoc($res);

# File path is below
$file_path = $path_to_file_directory.$info['file_name'];

# Now push the download through the browser
# There is more than 1 way to do this.
if (file_exists($file_path)) {
echo '<a href="'.$file_path.'">Click here if download did not start after 10 seconds</a> ';
exit;
}

?>

what it does is: if visitor clicks on <a href="www.mysite.com/buy.php?urlid=Budget">Buy now</a>

will get page that will display a link to the file in the standard format like <a href="www.mysite.com/files/budget.xls">Click here if your download did not start in 10 sec</a>.

Now what I need to happen is, instead of giving link that directs to the path directory of the files, I need to have a link to look like this <a href="www.mysite.com/thanks.php?urlid=Budget">Click here if your download did not start in 10 sec</a> where thanks.php will collect all info from DB and if someone decides to click on it then will automatically start download.

This way nothing will be disclosed to the end user at all.

Thanks for your help in advance

Ah, that's very dfifferent. don't have the code handy, but what you want to do is open the file and print it to the browser. You'll need appropriate headers to force the browser to force the download. A simple print will do it for unrecognized types, but files that have browser helpers - - pdf, images, etc. - the browser will sniff them out and display them instead.

if (file_exists($file_path)) {
// open file from hidden location (get_file_contents should do it)
//print headers: file length, octet-stream or whatever, etc.
//echo the file contents to the browser, not the path
exit;
}

A bit of advice:

if( mysql_num_rows($res) == 0 )
{
echo 'There will be no hacking on this website! ';
exit();
}

This is not a "useful" message to the user, it should do something useful - like back to the querying page with an error message, or contact us, or something. If someone **is** attempting malicious input on your site, this will just motivate them to try harder.

I already do have another file (download.php) that dose it:

Have a look at this code:

<?

# Local Variables
$host = 'localhost';
$db_name = 'my site_Files';
$db_user = 'my site_alex';
$db_pass = 'My DB Password';
$path_to_file_directory = 'files/';

# Database Connection
mysql_connect( $host, $db_user, $db_pass);
mysql_select_db( $db_name ) or die(mysql_error());

# Get Link Variable
# Later, you will filter out possible injections (hacks)
$file_code = filter_input( INPUT_GET, 'urlid' );

# Query for file info
$res = mysql_query("SELECT * FROM `Files` WHERE `file_display_name`='".$file_code."'") or die ( mysql_error() );

# If query is empty, there is a bad code name
# This catches possible hacking attempt.
if( mysql_num_rows($res) == 0 )
{
echo 'There will be no hacking on this website! ';
exit();
}

# Save file info into an array called "$info"
$info = mysql_fetch_assoc($res);

# File path is below
$file_path = $path_to_file_directory.$info['file_name'];

# Now push the download through the browser
# There is more than 1 way to do this.
if (file_exists($file_path)) {
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.basename($file_path));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($file_path));
ob_clean();
flush();
readfile($file_path);
exit;
}

?>

and it does work just fine. Along with this I have another file, code for which I have already posted previously today that creates an additional link to the file if for some reason download did not start. But the link that my previous file creates is a standard path to the file www.mysite.com/files/budget.xls.

Question is how to make the last link that being generated by .php file to look like this www.mysite.com/thanks.php?urlid=budget that ideally will be pointing to the same file but through my SQL DB?

Hi all,

I seem to have a bee in my bonnet about this just lately, but trust me it can stop your script dead.

Not all servers support short tags: <? ?> Only use this style if you KNOW that it will be supported in the config file on your server.

To stop headaches in the future and to make your hard work and development more versatile, please use the full tags:<?php ?>. Say if you came to migrate servers, you cannot guarantee that the new server will support short tags, this is just down to good old fashioned 'good coding practise' imho.

Just thought as this was a point worth mentioning.

Cheers,
MRb