Saving result to file for download - Mailing list pgsql-php

From Michael Glaesemann
Subject Saving result to file for download
Date
Msg-id 315833F6-07CB-11D8-B456-0005029FC1A7@myrealbox.com
Whole thread Raw
Responses Re: Saving result to file for download
Re: Saving result to file for download
List pgsql-php
Hi all!

I made a PHP script that formats and saves the output of a query to a
file and provides a link to the file for download. I've never done this
before and would appreciate any feedback. Here are things I'd like to
improve or am concerned about.

I've looked through Sklar & Trachtenberg's 'PHP Cookbook', googled
('PHP postgresql saving result file download' gives you a wide
assortment of links!), and attempted to search the archives of
pgsql-php, but I keep timing out after 60 seconds. Has anyone else been
experiencing problems searching the archives?

1. Right now the file is permanently saved in a directory (used only
for saving these results files, unimaginatively named /temp) in the web
root of the server (in my case /Library/Webserver/Documents on Mac OS X
10.2). I'd rather it be a temporary file so I wouldn't have to worry
about clearing out the files if a lot of people generate results files.
I'm not concerned that people won't be able to come back to the results
file at a later date—they can just generate a new one. Perhaps I should
make a cron job to clear out the folder every once in a while?

2. Security. I've changed the owner on /temp to www (the webserver) so
that PHP can write to the directory. Here are the permissions.
drwxr-xr-x  23 www       admin      782 Oct 27 00:05 temp
I'm guessing I should change the permissions to drwxr--r-- (or even
drw-r--r--) as there's no reason there should be execute permissions on
the directory.

If anyone's curious, here's the file handling part of the code. Truly
nothing special. If anyone would like to see anything else, I'd be
happy to oblige.

     $docroot   = '/Library/Webserver/Documents/';
     $dir       = 'temp/';
     $path      = $docroot.$dir;
     $id_string = uniqid('',1);
     $filename = 'apps-'.$id_string.'.txt';
     $fh =fopen($path.$filename,'w') or die($php_errormsg);
     fputs($fh,$app_string);
     fclose($fh) or die($php_errormsg);
     echo 'Here\'s your file! Download now!<br />';
     echo '<a href="/'.$dir.$filename.'">'.$filename.'</a>';

As this is the first time of done anything like this, I'd appreciate
any comments.

Thanks!

Michael

pgsql-php by date:

Previous
From: Matthias Weinhold
Date:
Subject: array fields in the database and their handling with php4
Next
From: Michael Glaesemann
Date:
Subject: Re: array fields in the database and their handling with php4