• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2142
  • Last Modified:

CFFILE: download CSV file then delete

Hello,

I need to be able to allow administrators for a site to download a list of subscribers details in CSV format.

The only problem is that I can't have the file sitting on the webserver for any tom dick and harry to download.

Is there a way for me to create the file, force it to download and then delete once the download is complete? Or perhaps make the file unique to that person's session and when their session times out it is rdeleted?

Thanks in advance

Chris
0
chrissp26
Asked:
chrissp26
  • 4
  • 4
1 Solution
 
_agx_Commented:
You can use <cfcontent> to dynamically generate csv files from a query.  You can also use cfcontent's deleteFile flag to serve up a file on the server hard drive and then delete "the file on the server after sending its contents to the client"

http://livedocs.adobe.com/coldfusion/6.1/htmldocs/tags-a17.htm

Though if the information is confidential perhaps the files should not be kept in a web accessible directory at all or stored as plain text.  But you know best what type of information you're dealing and whether this is a potential security risk or a lawsuit waiting to happen.
0
 
chrissp26Author Commented:
Thanks for the reply.

I have created the attached code based on the information you have given.

Essentially the reason I am doing this is so that an administrator (once logged in) can download a CSV file of all database subscribers and then use that data with a third party marketing tool i.e. SMS or direct mail etc.

If there is a better way of doing this I am all ears?
<cfquery name="getSubscribers" datasource="#dsl#">
	SELECT * FROM mailingList
</cfquery>
<cfset filePath="#rootDirectory#/maintenance/subscribers.csv">
<cfset content = "Name,Email,Mobile Number,Date Of Birth">
<cffile
	action="write"
	file="#filePath#"
	output="#content#">
 
<cfoutput query="getSubscribers">
	<cfset content = "">
	<cfset content = "#userName#,#email#,#mobileNumber#,#dateOfBirth#">
	<cffile
		action="append"
		file="#rootDirectory#/maintenance/subscribers.csv"
		output="#content#">
	
</cfoutput>
 
<cfheader name="Content-Disposition" value="attachment; filename=#getFileFromPath (filePath)#"> 
 
<cfcontent file="#filePath#" type="application/octet-stream" deletefile="yes">

Open in new window

0
 
_agx_Commented:
You don't need to create a file at all. Just use a variable to concatenate the text in CSV format.  You can use the the QueryToCSV2 function at cflib.org to do this.
http://cflib.org/udf.cfm?ID=1197

Then use cfheader and cfcontent to present the content as a csv download for the user.  

> Date Of Birth
  Now that looks like a lawsuit just waiting to happen ;-)
0
Learn to develop an Android App

Want to increase your earning potential in 2018? Pad your resume with app building experience. Learn how with this hands-on course.

 
_agx_Commented:
I just noticed my code sample never posted.  So here it is again.  Note, you need to download the QueryToCSV2 function from cflib.org
http://cflib.org/udf.cfm?ID=1197
<!--- create the csv content --->
<cfset content = QueryToCSV2(yourQueryName)>
 
<!--- display the content for downloading --->
<cfheader name="Content-Disposition" value="attachment; filename=nameOfYourFile.csv"> 
<cfcontent type="application/vnd.ms-excel">
<cfoutput>#content#</cfoutput>

Open in new window

0
 
chrissp26Author Commented:
AGX: How much of a security risk is this? Should I remove the DOB?

I'm trying to give the user maximum flexibility but at the same time I need to cover my own back.
0
 
chrissp26Author Commented:
Thanks for your outstanding help.
0
 
_agx_Commented:
I am not a lawyer, but personally I would remove it.  First there is the issue of whether customer's consented to having any of their information released to other parties at all.  Second, even if they did I doubt DOB is necessary for marketing purposes, an "Over 18" flag perhaps, but not DOB.  Companies typically give customers the impression they can expect a reasonable measure of security when releasing their information.  This type of downloading does not provide any security measures at all.  Not to mention that once you allow information to be downloaded, anything can happen to it, even during transit.  Again, I am not a lawyer, but this may open up areas of liability.  It is often a trade-off, but just because it is possible to do something does not mean it is a good idea ;-)  
0
 
chrissp26Author Commented:
Thanks AGX.

I will leave it out.
Just so you know why we were capturing it, the DOB was being captured so that subscribers who choose to enter it receive an email on their birthday containing a voucher to spend at the website's establishment. Thats the only thing it would be used for so there's not much point in keeping it.

Thanks again for your help.

Chris
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now