I want to know how to create a download file from the database/folder. What I want to have is that I have two files butangDonload.php and download.php. When the user clicks the word "download" the pop-up box should appear and save the file.
The butangDonload.php:
Can someone please help me with this?
I've seen many download scripts written in PHP, from simple one-liners to dedicated classes. At least half of them share common issues; in many cases programmers simply copy the code from something that works, without even attempting to understand what it really does. With my experience in developing a successful online video platform and writing many variations of download scripts for clients, I thought it would be notable to mention one that I come across time and time again...
Never accept paths as input
It's very tempting to write something like
readfile[$_GET['file']];
but before you do, think about it, anyone could request any file on the server, even if it's outside the public html area. Guessing is not too difficult and in a few tries, an attacker could obtain configuration or password files.
You might think you're being extra clever by doing something like
$mypath = '/path-to-my-files-folder/' . $_GET['file'];
but an attacker can use relative paths to evade that eg "../../../some-file.txt".
What you must do - always - is sanitise the input. Accept only file names, like this:
$path_parts = pathinfo[$_GET['file']];
$file_name = $path_parts['basename'];
$file_path = '/path-to-my-files-folder/' . $file_name;
And work only with the file name and add the path to it yourself.
Even better would be to accept only numeric IDs and get the file path and name from a database [or even a text file or key => value array if it's something that doesn't change often]. Anything is better than blindly accepting requests.
If you need to restrict access to a file, you should generate encrypted, one-time IDs, so you can be sure a generated path can be used only once.
Oh, don't forget to restrict direct access to your downloads folder.
Please share, have fun coding!
Generally, no PHP script is required to download a file with the extensions exe and zip. If the file location of this type of file is set in the href attribute of the anchor element, then the file automatically downloads when the user clicks on the download link. Some files, such as image files, PDF files, text
files, CSV files, etc., do not download automatically, and instead, open in the browser when the user clicks on the download link. These files can be downloaded forcibly in PHP using the readfile[] function that does not download automatically. This tutorial shows you how to forcibly download any file using PHP script. It was previously mentioned that zip and exe files download automatically,
without using PHP script. First, create an HTML file with the following code. Here, the four anchor elements are defined to download the four types of files. These file types include TEXT, ZIP, PDF, and JPG files. Download.html OutputCheck Download Links
Download Files
Download TEXT file
Download ZIP file
Download PDF file
Download JPG file
The following dialog box will appear to download the file after clicking the zip file link. The user
can then download the file or open the file in the archive manager.
If you click on the image file, the image will be opened automatically in
the browser, as shown in the following output. You must save the file to make a copy of the image file in the local drive. In the same way, when you click on PDF and TEXT file links, the content of the file will be opened in the browser without downloading the file. The solution to this problem is to download the file forcibly using the built-in PHP readfile[] function.
Download File Using readfile[] Function
The readfile[] function is used in PHP script to forcibly download any file of the current location, or the file with the file path. The syntax of this function is given below.
Syntax
int readfile [ string $filename [, bool $use_include_path = false [, resource $context ]] ]
This function can take three arguments. The first argument is mandatory, and the other two arguments are optional. The first argument, $filename, stores the filename or filename with the path that will download. The default value of the second parameter, $use_include_path, is false and will be set to true if the filename with the path is used in the first argument. The third argument, $context, is used to indicate the context stream resource. This function returns the number of bytes read from the file mentioned in the first argument. The uses of this function are shown in the following two examples.
Example 1: Download File with Filename
In this example, we will create an HTML file with the following code, where the file name will be passed as a parameter of the URL named path, and the value of this parameter will be passed to the PHP file named download.php.
download2.html
Download Files
Download TEXT file
Download ZIP file
Download PDF file
Download JPG file
We will create the PHP file with the following code to download the file forcibly. Here, the isset[] function is used to check whether the $_GET[‘path’] is defined. If the variable is defined, the file_exists[] function is used to check whether the file exists in the server. Next, the header[] function is used to set the necessary header information before using the readfile[] function. The basename[] function is used to retrieve the filename, and the filesize[] function is used to read the size of the file in bytes, which will be shown in the opening dialog box to download the file. The flush[] function is used to clear the output buffer. The readfile[] function is used with the filename only, here.
download.php