Database export to text file...

d4v1d · 01-09-2008, 11:33 AM

Hi guys, sorry to bother, just a bit stuck at the mo.

I need to code a newsletter subscription application in PHP with MySQL that collects the name and email address of the user. That's simple enough, but I need to have an option in an admin panel that allows the administrator to export that email address column to a text file that prompts the admin to download the file. i.e. i don't want to save it to a text file on the server. The format of which has to be line-separated. How do I go about this?

RobertK · 01-09-2008, 12:52 PM

Well, to start off, you have to have decided upon your format. If you want it in plain XML it is quite simple. But human readable, at least quickly so, has to be done differently.

A good way to start is:

PHP Code:


			
// Make sure you test security, test the

// $_GET['var'] validity and sanitize all input.



// Mine: C:\Program Files\Xampp\htdocs

$szServerRoot   = $_SERVER['DOCUMENT_ROOT'];

// .htaccess in this dir should deny from *

$szSecureFolder = szServerRoot . '/admin/downloads';

// A simple filename

$szFileName = 'email_dump.txt';

$szFullName = $szSecureFolder . '/' . $szFileName;



$db = mysl(...) or die(mysql_error());

mysql_select_db('MyDb');



// The following command outputs each column seperated by a tab

// and a row seperated by a linefeed; plenty readable.

$result = mysql_query('SELECT * FROM myTable INTO OUTFILE \''.$szFullName.'\';');



if($isValidRequest && $result) {

  header('Pragma: public');

  header('Expires: 0');

  header('Cache-Control: must-revalidate, post-check=0, pre-check=0');

  header('Cache-Control: public');

  header('Content-Description: File Transfer');

  header('Content-Type: plain/text');

  header('Content-Disposition: attachment; filename='.$szFileName);

  header('Content-Transfer-Encoding: ascii');

  header('Content-Length: ' . filesize($szFullName));



  @readfile($szFullName);

} else {

  die('Error encountered: '.mysql_error());

}

d4v1d · 01-09-2008, 02:03 PM

Thanks a mil, I'm gonna test that out tonight... I'm guessing the ".htaccess in this dir should deny from *" would force it to download?

RobertK · 01-09-2008, 02:17 PM

No! Don't mess with it unless you understand it! Wait a few while I edit an explanation into this post.

---

Okay, the .htaccess in the secure directory should read:

Code:

Deny from all

This means any database dumps that remain there cannot be access directly by HTTP, cURL, or like methods. This forces the download to route through the script, which I gave you a sample of above.

The download is forced by telling the browser that the file is an attachment, meaning "download this", and not .htaccess. The .htaccess file is for your security and preventing circumvention of your security.

d4v1d · 01-09-2008, 04:29 PM

lol you misunderstood me... I meant exactly what you just said now... by setting the .htaccess to deny all, it forces the text file to download instead of writing to the server... I know what the .htacess is for, i'm not a complete noob

RobertK · 01-09-2008, 04:30 PM

Yeah, it was a little bit of a challenge to understand precisely what you meant. So I made sure to play it safe. Better safe, than searching for hours.