We help IT Professionals succeed at work.

CFFILE: download CSV file then delete

2,431 Views
Last Modified: 2013-12-24
Hello,

I need to be able to allow administrators for a site to download a list of subscribers details in CSV format.

The only problem is that I can't have the file sitting on the webserver for any tom dick and harry to download.

Is there a way for me to create the file, force it to download and then delete once the download is complete? Or perhaps make the file unique to that person's session and when their session times out it is rdeleted?

Thanks in advance

Chris
Comment
Watch Question

CERTIFIED EXPERT
Most Valuable Expert 2015

Commented:
You can use <cfcontent> to dynamically generate csv files from a query.  You can also use cfcontent's deleteFile flag to serve up a file on the server hard drive and then delete "the file on the server after sending its contents to the client"

http://livedocs.adobe.com/coldfusion/6.1/htmldocs/tags-a17.htm

Though if the information is confidential perhaps the files should not be kept in a web accessible directory at all or stored as plain text.  But you know best what type of information you're dealing and whether this is a potential security risk or a lawsuit waiting to happen.

Author

Commented:
Thanks for the reply.

I have created the attached code based on the information you have given.

Essentially the reason I am doing this is so that an administrator (once logged in) can download a CSV file of all database subscribers and then use that data with a third party marketing tool i.e. SMS or direct mail etc.

If there is a better way of doing this I am all ears?
<cfquery name="getSubscribers" datasource="#dsl#">
	SELECT * FROM mailingList
</cfquery>
<cfset filePath="#rootDirectory#/maintenance/subscribers.csv">
<cfset content = "Name,Email,Mobile Number,Date Of Birth">
<cffile
	action="write"
	file="#filePath#"
	output="#content#">
 
<cfoutput query="getSubscribers">
	<cfset content = "">
	<cfset content = "#userName#,#email#,#mobileNumber#,#dateOfBirth#">
	<cffile
		action="append"
		file="#rootDirectory#/maintenance/subscribers.csv"
		output="#content#">
	
</cfoutput>
 
<cfheader name="Content-Disposition" value="attachment; filename=#getFileFromPath (filePath)#"> 
 
<cfcontent file="#filePath#" type="application/octet-stream" deletefile="yes">

Open in new window

CERTIFIED EXPERT
Most Valuable Expert 2015
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
CERTIFIED EXPERT
Most Valuable Expert 2015

Commented:
I just noticed my code sample never posted.  So here it is again.  Note, you need to download the QueryToCSV2 function from cflib.org
http://cflib.org/udf.cfm?ID=1197
<!--- create the csv content --->
<cfset content = QueryToCSV2(yourQueryName)>
 
<!--- display the content for downloading --->
<cfheader name="Content-Disposition" value="attachment; filename=nameOfYourFile.csv"> 
<cfcontent type="application/vnd.ms-excel">
<cfoutput>#content#</cfoutput>

Open in new window

Author

Commented:
AGX: How much of a security risk is this? Should I remove the DOB?

I'm trying to give the user maximum flexibility but at the same time I need to cover my own back.

Author

Commented:
Thanks for your outstanding help.
CERTIFIED EXPERT
Most Valuable Expert 2015

Commented:
I am not a lawyer, but personally I would remove it.  First there is the issue of whether customer's consented to having any of their information released to other parties at all.  Second, even if they did I doubt DOB is necessary for marketing purposes, an "Over 18" flag perhaps, but not DOB.  Companies typically give customers the impression they can expect a reasonable measure of security when releasing their information.  This type of downloading does not provide any security measures at all.  Not to mention that once you allow information to be downloaded, anything can happen to it, even during transit.  Again, I am not a lawyer, but this may open up areas of liability.  It is often a trade-off, but just because it is possible to do something does not mean it is a good idea ;-)  

Author

Commented:
Thanks AGX.

I will leave it out.
Just so you know why we were capturing it, the DOB was being captured so that subscribers who choose to enter it receive an email on their birthday containing a voucher to spend at the website's establishment. Thats the only thing it would be used for so there's not much point in keeping it.

Thanks again for your help.

Chris
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.