What is the best way to open a file in a browser

I know of a few ways (i know there is probably more) to open a file in a browser after the user clicks on a link,

• Use PHP headers to simulate a file download
• Use an <a> tag to redirect the user to the path of the file
• Use javascripts window.location to point to the file location
• Iframe tag
• Object tag

What is the most efficient, cross browser, or nicest w开发者_C百科ay to open a file in a browser? Or, what do most companies use?

Well personally the best method is to create a script called download.php and then send the file hashes to that, Imagine you had a directory layout like so:

/downloads/
    /2010/
        /abc8755ghc7659c75678bf78968.file
        /abc8755ghc7659c73278ef78998.file
        /abc8755ghc7659c75678bf78968.file
    /2009/
        /abc8755ghc7659c75678bf78968.file
        /abc8755ghc7659c75678bf78968.file

And then you had a script called download.php, You can then validate the users information to protect your actual files for scrapers etc.

Storing the files with no extension is ok, just as long as when the file is uploaded you can all the information and store it within your database, so that when we send the file we have the Content-Type, Extension, Original File Name, etc so we can send correctly

The reason for the hashing is that that parsers and scrapers can easily find the actually file on the server, so if a scraper look around your site and then has seen a title called My ebook 2010.pdf, He would not be able to download it form your server like http://mydomain.com/downloads/My ebook 2010.pdf as the file does not exists, it exists in http://mydomain.com/downloads/abc8755ghc7659c75678bf78968.file

Security is always the best measure, Also using PHP Would be able you to validate the actual user before your application decides weather the file should be sent or should b edenied

PHP Example script would be like so:

include 'all.the/files/needed.phhp';

if(!logged_in())
{
    header('Location: /');
    exit;
}

$FileRequest = FileRequest::getInstance();
$User = User::getInstance();

if($FileRequest->isValid)
{
   if($user->canDownload($FileRequest->GetDatabaseID()))
   {
      $FileRequest->SendFile();
      exit;
   }
}

This way you can control download being sent, you never reveal your file location, and fiels are stored with a hash that would be hard to find.

All three will work. But, if you want to prevent outside domains (search engines, etc.) from accessing your files, you should use PHP:

getfile.php?id=1 OR getfile.php?name=file.txt

and check the HTTP_REFERER to make sure the request is from your domain.

Because different computers have different plugins, and different browsers and operating systems. If you want to be consistent, my recommendation is your first option, using headers to specify content disposition forcing the file to be downloaded. This will prevent inconsistency where some files open inside the browser, some open in a 3rd party external program.

This is also referring to files that are non images, such as PDF's. You should open images inside the browser. Non-flash movies are questionable as well.

Using <a href="file.pdf">download file</a> is the most efficient, cross browser way!

The PHP method you described is just simulating a redirect which would achieve the same thing!

Javascript is the least accessible for people with javascript turned off!

Use an tag to redirect the user to the path of the file

This one. Give me a link I can click on to open using an in-browser handler. Or, so I can right-click on it and save it to my hard drive.

I'd say the best way is to link to the file using an <a> tag setting the attribute target="_blank" that way if the users machine supports opening the document in the browser it will do so. If not it will be prompted to download the file.