Your Location is: Home > Php

Is there a way to prevent some one to execute a php that he must download it

From: Vaduz View: 3266 Jardson Sales 

Question

My question is, if I have a file upload website, and some one host a PHP file, and I always force the server to download it, exists some way for the hack execute the php on my server instead of download it?

My code:

<?php 
$file = "files/" . $_GET["file"];
if (file_exists($file)) {
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="'.basename($file).'"');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
readfile($file);
exit;

Best answer