NYCPHP Meetup

NYPHP.org

[nycphp-talk] NEW PHundamentals Question - Headers & Downloads

Chris Shiflett shiflett at php.net
Wed Oct 13 14:18:18 EDT 2004


--- Dan Cech <dcech at phpwerx.net> wrote:
> $attach = array(
>    'filename' => 'myfile.pdf',
>    'mimetype' => 'application/pdf',
>    'content'  => 'pdf here'
> );
> 
> header('Content-Disposition: attachment; filename='.
> $attach['filename']);
> header('Content-length: '. strlen($attach['content']));
> header('Content-type: '. $attach['mimetype']);
> echo $attach['content'];
> exit;

Note the case of Content-Length and Content-Type. This doesn't affect
implementation, but we may as well be perfectionists. :-)

I think using an array makes the syntax a bit cumbersome, but that's just
personal preference.

> The Content-Disposition header tells the browser to open the
> download dialog, and lets it know the correct filename/extension.

As shown, yes. You can specify the inline attribute to do the opposite,
basically making the resource an embedded one. Dan clearly knows this - I
only mention this to make sure our wording isn't misleading. I know a lot
of people who think the header() function is for redirecting, for a
similar reason.

> The Content-type header lets the browser correctly display an
> indication of the file type to the user (PDF,XLS,EXE etc). In
> most browsers it will also influence the default action (open vs
> download).

I have read where developers intentionally set an unknown mime type when
they want to force a download. Does anyone know whether this is justified?
The argument I've seen is that when the browser has a default action
specified for the given mime type, the attachment attribute of
Content-Disposition is ignored, and the resource is displayed inline
instead.

Chris

=====
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly     HTTP Developer's Handbook - Sams
Coming December 2004        http://httphandbook.org/



More information about the talk mailing list