A detailed explanation of the php file download principle and implementation

Usually the file download process is very simple, establish a link to the target file on it. For example, the following link:

xml/html Code

1. <a href=http://www.xxx.com/xxx.rar> Click to download the file </a>

However, the situation may be slightly more complex. For example, users need to fill out the full registration information before they can download the file, then the first thought is the use of redirect. Two ways are described below.

　　(1) Use the Redirect method. Check that the form is completed and complete, and then refer to the file so that the user can download it. Take a look at the following sample code:

PHP code

1. <?php
2. /* File function: Check whether the variable form is complete */
3. if ($form) {
4. redirect Browser point to
5. Header ("location:http://Http://www.xxx.com/xxx.rar");
6. Exit
7. }
8. ?>

　　(2) According to the download file number to find, the form of the link is as follows:

xml/html Code

1. <a href="http://www.xxx.com/download.php?id=123456"> Click to download File </a>

The link above uses the ID to receive the number of the file to be downloaded, and then connects to the actual file link in a redirect way.

The above two methods, although the implementation of the file download function, but the disadvantage is directly exposed to the path of the file, and there is no anti-theft chain function, so the above way is simple direct but there is a security hidden file download method. In PHP, it is common to use the header () function and the fread () function to implement a secure file download.

For example, to download a file named Xxx.rar file, first create the file is download.php php file. From the previous example, it is easy to get the real location of the file to be downloaded from the database by the ID number of the file, which can be redirected directly to the file by the location parameter of the header () function after obtaining the real storage position of the file. However, this is still unsafe, as some download software can still obtain location information for the file through redirection analysis. So another way to do this is to use PHP's file-handling API functions. It is through the fread () function to output the file directly to the browser prompts the user to download, so that all the processing is done on the server side, so that the user can not get the file specific storage location information, the sample code is as follows:

PHP code

2. <?php
4. $file _name = "Xxx.rar"; //download file name
6. $file _dir = "./up/"; //download file storage directory
8. Check if the file exists
10. if (! file_exists ( $file _dir. $file _name)) {    
12. echo "File not found";
14. exit ();
16. } Else {
18. //Open File
20. $file = fopen ( $file _dir.    $file _name, "R");
22. //input file tags
24. Header ( "Content-type:application/octet-stream");
26. Header ( "accept-ranges:bytes");
28. Header ( "Accept-length:".) filesize ( $file _dir.    $file _name));
30. Header ( "content-disposition:attachment; Filename= ".    $file _name);
32. //Output file contents
34. //Read file contents and output directly to browser
36. echo fread ( $file, filesize ( $file _dir.    $file _name));
38. Fclose ( $file);
40. exit ();
42. }
44. ?>

　　"Code Interpretation"

In the above code, the program sends the header information to tell Apache and the browser to download the information about the file. The meaning of Content-type means that the file MIME type is a file stream format. If you set the MIME type of the file to Application/octet-stream (such as add Application/octet-stream) in the Apache configuration. Xxx.rar), then the browser (client) will know that this is a file stream format file and prompt the user to download. Accept-ranges is a response header that allows the server to indicate an acceptance request that will be part of a resource at a given offset and length, which is understood as the unit of measure for the request scope. Content-length is the length of a byte that specifies the data contained in the request or response, for example, content-length:382. Content-disposition:attachment is used to tell the browser that a file is a value that can be downloaded as an attachment, and the name of the downloaded file is $file_name the variable.

Run the download.php file, as shown in the effect. You can see that the file was prompted to download as expected, and click the "Save" button to save the file locally.

Reprinted from: http://www.jizhuomi.com/software/386.html

A detailed explanation of the php file download principle and implementation