Force File Download With PHP

19th February 2008 - 4 minutes read time

When you supply files that web browsers can open they are usually opened inside the browser, rather than being downloaded. This can be annoying, especially where PDF documents are involved. You could supply the files in a compressed format in order to force users to download them, but this is also annoying as the user then has to uncompress the file.

You can force the web browser to supply the file as a download by using the header() function in PHP. The following little bit of code will take any filename and supply it as a download.

<?php
$file = $_GET['file'];
header('Content-type: octet/stream');
header('Content-disposition: attachment; filename='.$file.';');
header('Content-Length: '.filesize($file));
readfile($file);
exit;
?>

All you have to do is link to this script with the argument being the file name you want your users to be able to download.

<a href="force.php?file=hashbangcode-image.png" title="Download">PNG Image</a>

The benefit of doing things this way means that you can also put some tracking elements into the start of the file to record what and when the file was downloaded.

However, be very careful here. In it's current state the script will allow users to download ANY file within the directory you have the script in, just by supplying the name. This is a big security feature as a use could get hold of your database password file quite easily. To get around this you can restrict the file type to either jpg, gif, png or pdf by using the following code.

<?php
$file = $_GET['file'];
$ext = substr($file,-3);
if($ext=='jpg' || $ext=='gif' || $ext=='png' || $ext=='pdf'){
 header('Content-type: octet/stream');
 header('Content-disposition: attachment; filename='.$file.';');
 header('Content-Length: '.filesize($file));
 readfile($file);
 exit;
}
?>

Finally, it is best to check to see if the file exists before trying to get users to download it. It is doesn't then they will get a file full off PHP error codes.

PHP

Comments

Great piece of code! Here is a more secure way of doing it though
But I guess this is impractical if you want to download dynamic images....

Submitted by Emmanuel on Mon, 06/28/2010 - 04:51

Permalink

Anyone tell me how to get extension of that file

Submitted by Anyone tell me… on Sun, 11/15/2020 - 12:55

Permalink

In the examples above I have used the following to extract the extension of the file.

$ext = substr($file,-3);

However, I have not written it this way for a number of years now. My preferred route is to use the pathinfo() function. This will return information about the file name passed to it. For example.

print_r(pathinfo('docroot/index.php'));

Will print out.

Array
(
    [dirname] => docroot
    [basename] => index.php
    [extension] => php
    [filename] => index
)

If you want to get *just* the file extension then you pass in the PATHINFO_EXTENSION flag to the pathinfo() function. Like this.

echo pathinfo('docroot/index.php', PATHINFO_EXTENSION);

This returns a string instead of the full array of file info, so the function now prints this:

php

I hope that answers your question?

Philip Norton

Submitted by philipnorton42 on Sun, 11/15/2020 - 13:46

Permalink

Add new comment

The content of this field is kept private and will not be shown publicly.

Related Content

A Look At Flood Fill Algorithms In PHP

10th June 2025

If you have ever used a paint program then you might have used a flood fill algorithm. This is a mechanism by which an area of an image can be filled with a different colour and is normally depicted by a pain can pouring paint.

Read more

A Look At Benford's Law

11th May 2025

Benford's Law is an interesting heuristic in data analysis. It states that in any large collection of numbers that are created naturally, you should expect to see numbers starting with the number 1 about 30% of the time. The frequency distribution of numbers states that 2 should appear about 17% of the time, down to 9 being seen just 5% of the time.

Read more

Protecting A Page From Being Directly Accessed With PHP

27th April 2025

I was thinking recently about the number of ways in which I could restrict access to a page using PHP.

The obvious option is to create a user authentication system, but in some situations that is overkill for what is required. If you just want to prevent users from going directly to a certain page then there are a few options open to you.

Read more

Generating Colour Palettes From Images In PHP

4th August 2024

A common web design pattern is to incorporate an image into the design of the page. This creates a tighter integration with the image and the rest of the page.

The main issue in designing a page around the image is that the colours of the page must match the image. Otherwise this creates a dissonance between the image and the styles of the site.

Read more

Validating XML Files With XML Schema Definitions In PHP

21st July 2024

XML is a useful format for configuration, data storage, and transmitting data from one system to another. As a human readable format that can be easily read by machines it quickly gained favor in lots of different systems as a mechanism for data storage.

Read more