Hi all!

I made a PHP script that formats and saves the output of a query to a
file and provides a link to the file for download. I've never done this
before and would appreciate any feedback. Here are things I'd like to
improve or am concerned about.

I've looked through Sklar & Trachtenberg's 'PHP Cookbook', googled
('PHP postgresql saving result file download' gives you a wide
assortment of links!), and attempted to search the archives of
pgsql-php, but I keep timing out after 60 seconds. Has anyone else been
experiencing problems searching the archives?

1. Right now the file is permanently saved in a directory (used only
for saving these results files, unimaginatively named /temp) in the web
root of the server (in my case /Library/Webserver/Documents on Mac OS X
10.2). I'd rather it be a temporary file so I wouldn't have to worry
about clearing out the files if a lot of people generate results files.
I'm not concerned that people won't be able to come back to the results
file at a later date—they can just generate a new one. Perhaps I should
make a cron job to clear out the folder every once in a while?

2. Security. I've changed the owner on /temp to www (the webserver) so
that PHP can write to the directory. Here are the permissions.

drwxr-xr-x 23 www admin 782 Oct 27 00:05 temp

I'm guessing I should change the permissions to drwxr--r-- (or even
drw-r--r--) as there's no reason there should be execute permissions on
the directory.

If anyone's curious, here's the file handling part of the code. Truly
nothing special. If anyone would like to see anything else, I'd be
happy to oblige.
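
$docroot = '/Library/Webserver/Documents/';
$dir = 'temp/';
$path = $docroot.$dir;

// Unique file name; the second argument turns on uniqid()'s extra entropy
$id_string = uniqid('', true);
$filename = 'apps-'.$id_string.'.txt';

// Write the formatted query output ($app_string, defined elsewhere in the script)
// $php_errormsg is only populated when track_errors is enabled
$fh = fopen($path.$filename, 'w') or die($php_errormsg);
fputs($fh, $app_string);
fclose($fh) or die($php_errormsg);

// Link to the saved file
echo 'Here\'s your file! Download now!<br />';
echo '<a href="/'.$dir.$filename.'">'.$filename.'</a>';
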
As this is the first time I've done anything like this, I'd appreciate
any comments.

Thanks!
Michael
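
A cleanup job of the kind asked about in point 1, with a directory mode check for point 2, as an added example that is not part of the original post. The function names and the 60-minute default age are assumptions; the `apps-*.txt` pattern matches the file names the PHP code above generates.

```shell
#!/bin/sh
# Added example: cron-driven cleanup for the results directory.
# Assumptions: results older than the given age are disposable, and
# find supports -maxdepth/-mmin (true of GNU and BSD/macOS find).

# Remove expired apps-*.txt files from directory $1 and print how many
# were deleted. $2 is the maximum age in minutes (default 60).
purge_results() {
    dir=$1
    max_age_min=${2:-60}
    # Refuse anything that is not a real directory, such as a symlink
    # that has been put in its place.
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "purge_results: $dir is not a plain directory" >&2
        return 1
    fi
    # -maxdepth 1: never descend into subdirectories
    # -type f:     regular files only, so symlinks are left alone
    # -name:       only files the PHP script generated
    find "$dir" -maxdepth 1 -type f -name 'apps-*.txt' \
        -mmin "+$max_age_min" -print -exec rm -f {} \; | wc -l | tr -d ' '
}

# Succeed only if the directory mode suits this use: the owner needs w
# (create files) and x (the search bit, required to open files inside a
# directory by name); group and other must not have w.
dir_mode_ok() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case $mode in
        d?wx?-??-?) return 0 ;;
        *) return 1 ;;
    esac
}
```

To run it from cron, source the file and call `purge_results` with the results directory from an hourly job owned by the web server user.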