Course lectures : 1 of 1

In this tutorial I will show you how to create a link to a file which prompts the user for a download.

To start with create two new files and call them download.php and index.php. Open the download.php and remove the entire content which your editor added to it, then start typing the following:


if (isset($_GET['file']) && basename($_GET['file']) == $_GET['file']) {
	$filename = $_GET['file'];
} else {
	$filename = NULL;

First we are checking if the the url contains the parameter file and whether basename($_GET['file']) and $_GET['file'] have the same value – this is to prevent any attackers from downloading files we don't want them to download.

If the condition is true then we are assigning the value of the file to the variable called $filename, however if the condition is false then we are assigning NULL to the variable.

On the next line type:

// define error message
$err = '<p style="color:#990000">Sorry, the file you are requesting is unavailable.</p>';

This line of code creates a new variable called $err and assigns the default message which will be displayed to the user when the file is unavailable or any other problem occur.

if (!$filename) {
	// if variable $filename is NULL or false display the message
	echo $err;
} else {
	// define the path to your download folder plus assign the file name
	$path = 'downloads/'.$filename;
	// check that file exists and is readable
	if (file_exists($path) && is_readable($path)) {
		// get the file size and send the http headers
		$size = filesize($path);
		header('Content-Type: application/octet-stream');
		header('Content-Length: '.$size);
		header('Content-Disposition: attachment; filename='.$filename);
		header('Content-Transfer-Encoding: binary');
		// open the file in binary read-only mode
		// display the error message if file can't be opened
		$file = @ fopen($path, 'rb');
		if ($file) {
			// stream the file and exit the script when complete
		} else {
			echo $err;
	} else {
		echo $err;

What's happening here is - first we check whether the $filename is NULL and if so we are displaying our message $err message. If it isn't NULL then we are creating the variable called $path which stores the path to the file and assigns the populated name of the file to the end of it.

Next we are checking whether the file exists and is readable, if so then we are sending the appropriate http headers with file size and opening the file in binary read-only mode (rb). Then, if the file has been opened successfully, we are using the fpassthru() function to write the result to the output buffer. If any of the condition was unsuccessfull we are displaying our $err message.

Now open index.php and type the following:

<a href="download.php?file=picture.jpg">Download file</a>

And that's all there is to it.


If you'd like to include code example please wrap your code within <pre><code> tags. See example here

function fullName(firstName, lastName)
    return firstName + ' ' + lastName;