
Automatic File Download


Post by chellert » Mon Feb 04, 2013 5:07 pm

Hello

I have a site that pulls information from a database, and for one of the links I want the user to download a file once they click on the link. I can't seem to pass the file name to the download PHP file.

The link for the files is <a href='download_file.php?fname=document_name.pdf'>

In the download_file.php file I have the following code, but it is not picking up the variable:

$fname = $_GET['fname'];

header('Content-disposition: attachment; filename={$fname}');
header('Content-type: application/pdf');
readfile('{$fname}');
chellert
New php-forum User
Posts: 10
Joined: Tue Apr 20, 2010 8:54 am

Re: Automatic File Download

Post by seandisanti » Thu Feb 07, 2013 1:09 pm

So you want your site to send your visitor whatever file they urlencode into a GET variable? I really hope you see how dangerous an idea that is...
seandisanti
php-forum Fan User
Posts: 838
Joined: Mon Oct 01, 2012 12:32 pm

Re: Automatic File Download

Post by chellert » Tue Feb 12, 2013 5:39 am

Explain why this is dangerous.
chellert
New php-forum User
Posts: 10
Joined: Tue Apr 20, 2010 8:54 am

Re: Automatic File Download

Post by seandisanti » Wed Feb 13, 2013 12:47 pm

http://yourhost/download_file.php?fname=../../.htaccess

http://yourhost/download_file.php?fname ... d_file.php

http://yourhost/download_file.php?fname ... tabase.php

etc. You may not have things in those locations, but hopefully you get the point.

***edit***

Just think of what an intelligent person could gain access to if they were able to see the server-side PHP of one page on your site. They could get a peek at your directory structures based on your includes, probably some credentials by examining those includes, and maybe even your whole database.
seandisanti
php-forum Fan User
Posts: 838
Joined: Mon Oct 01, 2012 12:32 pm
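
Added example, not part of the original thread or any poster's code: a version of download_file.php that still takes `fname` from the query string but only serves PDFs from one dedicated directory, which closes the `../` problem raised above. `DOWNLOAD_DIR` and `resolve_download()` are hypothetical names, and the directory path is an assumption.

```php
<?php
// Added example. DOWNLOAD_DIR is an assumed directory that holds only
// files meant for download, ideally outside the web root.
const DOWNLOAD_DIR = '/var/www/private/downloads';

/**
 * Map a user-supplied name to a real file inside $baseDir.
 * Returns the resolved path, or null if the request must be refused.
 */
function resolve_download(string $baseDir, string $requested): ?string
{
    // Accept a plain PDF file name only: no slashes, no backslashes,
    // no NUL bytes, no leading dot (so "../x" and ".htaccess" are refused).
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]*\.pdf\z/', $requested)) {
        return null;
    }
    // realpath() resolves symlinks and ".." and returns false when the
    // target does not exist.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // After resolution the file must still sit inside the download directory
    // (this catches a symlink that points somewhere else).
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// fname[]=x would arrive as an array, so check the type before using it.
$requested = $_GET['fname'] ?? '';
$path = is_string($requested) ? resolve_download(DOWNLOAD_DIR, $requested) : null;
if ($path === null) {
    http_response_code(404);
    exit('File not found');
}

// Single-quoted PHP strings do not expand {$var}, so the header value is
// built by concatenation from the already validated name.
header('Content-Type: application/pdf');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

Because the site already pulls its links from a database, the link could instead carry a numeric record id and the script could look the file name up server-side, so no path component ever comes from the request.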

