The PHP readfile() function reads files verbatim, including PHP files. This opens up a major security hole if you are passing the actual filename using GET or POST form data (or anything else that the
PHP Force Download – Keep Track of What’s Going Down. By David Walsh on August 17, 2007.
possible duplicate of Forcing to download a file using PHP – user May 15 '14 at 5:57.
up vote 2 down vote accepted. Wrap the filename in quotes, something like.
PHP allows you to change the HTTP Headers of files that you’re writing, so that you can force a file to be downloaded that normally the browser would load in the same window. Following php script will give to force download a file using php.
I won't get into all of that, but the noteworthy thing is that the request is to GET the file /phptools/force-download.php from the host apptools.com.
Not only will it force the file to be downloaded but it allows you to specify a custom filename that it should be saved as.
Hotlinking not permitted.
Want to force a user to download a file instead of viewing it in his/her browser?
Content-Disposition: filename and attachment. Identify the file as an attachment. Force Download Usage.