php-从服务器下载文件,而无需透露URL-几个陷阱
我正在开发一个“简单”的购物车应用程序,该应用程序允许用户购买可下载的产品。我有兴趣创建指向数字产品的链接,而不会向最终用户揭示全部URL。我在此处搜索了其他解决方案,并了解了制作“下载.php”文件的基础知识,该文件引用了产品ID(存储为DB中的哈希类型值),然后可以引用该文件以获取文件的实际URL。
但是,我遇到了一些格式问题,其他问题可能会发现有趣的问题:
以下链接是一个示例:从服务器php下载文件
它将以下代码显示为可下载文档的标题(引用PHP变量):
header("Content-Disposition: attachment; filename=$file");
另一个示例在这里:启动使用php下载的情况下下载而不揭示文件url url
readfile($file);
但是,如果您在此处查看PHP标题文档: php -headers documentation
您会注意到所有参数已通过被单个引号包裹:
header('Content-Type: application/pdf');
header('Content-Disposition: attachment; filename="downloaded.pdf"');
readfile('original.pdf');
那些特别有天赋的细节的人还会注意到,内容分配的论点的文件名包含双引号。 。 。完整的参数包裹在单引号中。
如果我在上面的示例中遵循代码(删除单个和/或双引号),则文件似乎被损坏,丢失或只是未能加载。那么我该如何解决?
I am working on a "simple" shopping cart app that allows users to purchase downloadable products. I am interested in creating a link to a digital product without revealing the full URL to the end user. I have searched other solutions here and understand the basics of making a "download.php" file that references the product ID, stored as a HASH type value in the DB, that can then be referenced to get the actual URL of the file.
However, there are some formatting issues that I've bumped into that others might find interesting:
The following link is an example: Download files from server php
It shows the following code as the headers of the downloadable document (Referencing a PHP variable):
header("Content-Disposition: attachment; filename=$file");
Another example of that is here: Start a download with PHP without revealing file URL
readfile($file);
However, if you look at the PHP HEADERS documentation here: PHP - HEADERS Documentation
You'll notice that all of the arguments passed are wrapped in single quotes:
header('Content-Type: application/pdf');
header('Content-Disposition: attachment; filename="downloaded.pdf"');
readfile('original.pdf');
Those who are particularly gifted in attention to detail will also notice that the Content-Disposition argument has the filename wrapped in double quotes . . . with the full argument wrapped in single quotes.
If I followed the code in the above examples (leaving out the single and/or double quotes) the file seems to be corrupted, missing, or just fails to load. So how do I fix this?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
为了在我自己的代码中使用此功能,我需要将我的PHP变量包裹在单引号或双引号(有时是单个引号,有时翻倍)中,如下所示:
当以这种方式输入时,我能够在没有损坏或问题的情况下下载文件。如果您知道这样做的更好方法,请告诉我。
但是,当我使用上面的编码时,也使我不使用
代码中的命令。实际上,如果我现在添加它们。 。 。它似乎也破坏了我的文件。诡异的。
另一个潜在的gotcha是,如果您尝试下载txt文件,并且在“下载.php”文件中的任何位置都有一个php“ echo”语句,则echo语句的内容将附加到下载的txty文件中。因此,只需要小心。
该回声语句也可能还附加到其他文档类型的标题上,但似乎并没有影响文件在我有限的测试中打开的能力。但是,再次小心! :)
To get this working in my own code, I needed to wrap my PHP variables in either single or double quotes (and sometimes doubled single quotes) as shown below:
When entered this way, I was able to download the files without corruption or issue. Please let me know if you are aware of a better way of doing this.
However, when I used the coded above it also allowed me to NOT use the
commands in my code. In fact if I add them now . . . it seems to corrupt my files too. Weird.
Another potential GOTCHA is that if you attempt to download a TXT file, and you have a PHP "echo" statement anywhere in your "download.php" file, the contents of the ECHO statement will be appended to the TXTY file that's downloaded. So just something to be careful of.
This ECHO statement may also be appended to the headers of other documents types as well, but it didn't seem to affect the ability of the file to open in my limited testing. But again, be careful out there! :)