※ 引述《bigair (不要食言 會肥)》之銘言： : 針對你推文，提出我的想法。 : 1. 用 header 301 導向 : 使用者看到的連結會是 http://xxx.com/download.php?id=123 : 點擊以後 download 會去資料庫撈出 id = 123 的真正位置: : http://xxx.com/file/abc.zip : 接著 : header('Location: http://xxx.com/file/abc.zip') : 可以避免在網頁上直接被使用者看到檔案位置的窘境，也可以在 download.php 做點判斷 : 避免被盜連。 : y版友講的方法就是屬於這種的。 我推這個方法，搭配資料庫的判斷，利用 header 的方式輸出下載 function dl_file($file){ //First, see if the file exists if (!is_file($file)) { die("<b>404 File not found!</b>"); } //Gather relevent info about file $len = filesize($file); $filename = basename($file); $file_extension = strtolower(substr(strrchr($filename,"."),1)); //This will set the Content-Type to the appropriate setting for the file switch( $file_extension ) { case "pdf": $ctype="application/pdf"; break; case "exe": $ctype="application/octet-stream"; break; case "zip": $ctype="application/zip"; break; case "doc": $ctype="application/msword"; break; case "xls": $ctype="application/vnd.ms-excel"; break; case "ppt": $ctype="application/vnd.ms-powerpoint"; break; case "gif": $ctype="image/gif"; break; case "png": $ctype="image/png"; break; case "jpeg": case "jpg": $ctype="image/jpg"; break; case "mp3": $ctype="audio/mpeg"; break; case "wav": $ctype="audio/x-wav"; break; case "mpeg": case "mpg": case "mpe": $ctype="video/mpeg"; break; case "mov": $ctype="video/quicktime"; break; case "avi": $ctype="video/x-msvideo"; break; //The following are for extensions that shouldn't be downloaded (sensitive stuff, like php files) case "php": case "htm": case "html": case "txt": die("<b>Cannot be used for ". $file_extension ." files!</b>"); break; default: $ctype="application/force-download"; } //Begin writing headers header("Pragma: public"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Cache-Control: public"); header("Content-Description: File Transfer"); //Use the switch-generated Content-Type header("Content-Type: $ctype"); //Force the download $header="Content-Disposition: attachment; filename=".$filename.";"; header($header ); header("Content-Transfer-Encoding: binary"); header("Content-Length: ".$len); @readfile($file); exit; } http://blog.wu-boy.com/2007/05/25/106/ : 2. 跟前面的方法很像，只不過使用者點擊以後，PHP會去讀取伺服器上的檔案， : 然後 output 給使用者，算是一種強迫下載的方式。 : google keyword: php force download : 提供一點想法討論討論 -- Appleboy Blog： http://blog.Wu-Boy.com Appleboy Life： http://life.wu-boy.com -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 140.123.107.20