How to Use PHP to Force a File Download

Because most modern browsers display PDF and media files inline, use the PHP programming language — which allows you to change the HTTP headers of files that you’re writing — to force the browser to download rather than display a given file type.

This process requires two separate steps. First, you'll create a PHP file that governs the file you wish to protect, and then you'll add a reference to that PHP file within the HTML of the page in which it appears.

After you upload a file to the server, create a PHP document in a text editor. If, for example, you wish to force sample.pdf to download instead of to display inline, create a script like this:

<?php
header("Content-disposition: attachment; filename=sample.pdf");
header("Content-type: application/pdf");
readfile("sample.pdf");
?>

There should be no spaces or carriage returns anywhere in the file (except after a semi-colon). Blank lines will cause PHP to default to the MIME type of text/html and your file won't download.

Save the PHP file to the same location as your HTML pages. Then modify the page's link to the PDF as follows:

<a href="sample.php">Download the PDF</a>

Two important considerations govern this procedure. First, if someone discovered the direct link to the PDF file, he or she can access it directly without the PHP getting in the way. Second, you'll need PHP protection for each file you wish to protect using this quick-and-easy approach. To protect several files in this manner, it makes sense to name the protected file and the PHP file with the same name, differing only in the extension, to keep everything straight.