PHP下载文件的方式
1. 得到文件路径
从$_GET['file']得到文件路径
$path_parts = pathinfo($_GET['file']);$file_name = $path_parts['basename'];$file_path = '/mysecretpath/' . $file_name;
务必使用上面这种方法得到路径,不能简单的字符串拼接得到路径
$mypath = '/mysecretpath/' . $_GET['file'];
如果输入的是../../,就可以访问任何路径
2. 设置header信息
header('Content-Description: File Transfer'); //描述页面返回的结果header('Content-Type: application/octet-stream'); //返回内容的类型,此处只知道是二进制流。具体返回类型可参考http://tool.oschina.net/commonsheader('Content-Disposition: attachment; filename='.basename($file));//可以让浏览器弹出下载窗口header('Content-Transfer-Encoding: binary');//内容编码方式,直接二进制,不要gzip压缩header('Expires: 0');//过期时间header('Cache-Control: must-revalidate');//缓存策略,强制页面不缓存,作用与no-cache相同,但更严格,强制意味更明显header('Pragma: public');header('Content-Length: ' . filesize($file));//文件大小,在文件超过2G的时候,filesize()返回的结果可能不正确
3. 输出文件之file_get_contents()方法
file_get_contents()把文件内容读取到字符串,也就是要把文件读到内存中,再输出内容
$str = file_get_contents($file);echo $str;
这种方式,只要文件稍微一大,就会超过内存限制
4. 输出文件之file()方法
与file_get_contents()差不多,只不过是file()会把内容按行读取到数组中,也是需要占用内存
$f = file($file);while(list($line, $cnt) = each($f)) { echo $cnt;}
文件大的时候也会超出内存限制
5. 输出文件之readfile()方法
readfile()方法:读入一个文件并写入到输出缓冲
这种方式可以直接输出到缓冲,不会整个文件占用内存
前提要先清空缓冲,先要让用户看到下载文件的对话框
while (ob_get_level()) ob_end_clean();//设置完header以后ob_clean();flush(); //清空缓冲区readfile($file);
这种方法可以输出大文件,不会因为内存原因导致失败。
但是readfile()同样会造成PHP内存耗尽:http://stackoverflow.com/questions/6627952/why-does-readfile-exhaust-php-memory
PHP has to read the file and it writes to the output buffer. So, for 300Mb file, no matter what the implementation you wrote (by many small segments, or by 1 big chunk) PHP has to read through 300Mb of file eventually.
If multiple user has to download the file, there will be a problem. (In one server, hosting providers will limit memory given to each hosting user. With such limited memory, using buffer is not going to be a good idea. )
I think using the direct link to download a file is a much better approach for big files.
大意:PHP需要都文件,再输出到缓冲。对于一个300M的文件,PHP最终还是要读300M内存。因此在多个用户同时下载的时候,缓冲也会耗尽内存。(不对还请指正)
例如100个用户在下载,就需要100*buffer_size大小的内存
6. 输出文件之fopen()方法
set_time_limit(0);$file = @fopen($file_path,"rb");while(!feof($file)){ print(@fread($file, 1024*8)); ob_flush(); flush();}
fopen()可以读入大文件,每次可以指定读取一部分的内容。在操作大文件的时候也很有用
7. 总结
利用PHP下载文件时,应该要注重场景。如果本身只是几个小文件被下载,那么使用PHP下载比较好;但是如果PHP要承受大量下载请求,这时下载文件就不该交给PHP做。
对于Apache,有mod_xsendfile可以帮助完成下载任务,更简单也更快速

The article discusses PHP, detailing its full form, main uses in web development, comparison with Python and Java, and its ease of learning for beginners.

PHP handles form data using $\_POST and $\_GET superglobals, with security ensured through validation, sanitization, and secure database interactions.

The article compares PHP and ASP.NET, focusing on their suitability for large-scale web applications, performance differences, and security features. Both are viable for large projects, but PHP is open-source and platform-independent, while ASP.NET,

PHP's case sensitivity varies: functions are insensitive, while variables and classes are sensitive. Best practices include consistent naming and using case-insensitive functions for comparisons.

The article discusses various methods for page redirection in PHP, focusing on the header() function and addressing common issues like "headers already sent" errors.

Article discusses type hinting in PHP, a feature for specifying expected data types in functions. Main issue is improving code quality and readability through type enforcement.

The article discusses PHP Data Objects (PDO), an extension for database access in PHP. It highlights PDO's role in enhancing security through prepared statements and its benefits over MySQLi, including database abstraction and better error handling.

Article discusses creating and securing PHP APIs, detailing steps from endpoint definition to performance optimization using frameworks like Laravel and best security practices.


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Hot Tools

SublimeText3 Mac version
God-level code editing software (SublimeText3)

Zend Studio 13.0.1
Powerful PHP integrated development environment

PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool

SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.

SublimeText3 English version
Recommended: Win version, supports code prompts!
