CFFILE: download CSV file then delete


I need to be able to allow administrators for a site to download a list of subscribers details in CSV format.

The only problem is that I can't have the file sitting on the webserver for any tom dick and harry to download.

Is there a way for me to create the file, force it to download and then delete once the download is complete? Or perhaps make the file unique to that person's session and when their session times out it is rdeleted?

Thanks in advance

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

You can use <cfcontent> to dynamically generate csv files from a query.  You can also use cfcontent's deleteFile flag to serve up a file on the server hard drive and then delete "the file on the server after sending its contents to the client"

Though if the information is confidential perhaps the files should not be kept in a web accessible directory at all or stored as plain text.  But you know best what type of information you're dealing and whether this is a potential security risk or a lawsuit waiting to happen.
chrissp26Author Commented:
Thanks for the reply.

I have created the attached code based on the information you have given.

Essentially the reason I am doing this is so that an administrator (once logged in) can download a CSV file of all database subscribers and then use that data with a third party marketing tool i.e. SMS or direct mail etc.

If there is a better way of doing this I am all ears?
<cfquery name="getSubscribers" datasource="#dsl#">
	SELECT * FROM mailingList
<cfset filePath="#rootDirectory#/maintenance/subscribers.csv">
<cfset content = "Name,Email,Mobile Number,Date Of Birth">
<cfoutput query="getSubscribers">
	<cfset content = "">
	<cfset content = "#userName#,#email#,#mobileNumber#,#dateOfBirth#">
<cfheader name="Content-Disposition" value="attachment; filename=#getFileFromPath (filePath)#"> 
<cfcontent file="#filePath#" type="application/octet-stream" deletefile="yes">

Open in new window

You don't need to create a file at all. Just use a variable to concatenate the text in CSV format.  You can use the the QueryToCSV2 function at to do this.

Then use cfheader and cfcontent to present the content as a csv download for the user.  

> Date Of Birth
  Now that looks like a lawsuit just waiting to happen ;-)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

I just noticed my code sample never posted.  So here it is again.  Note, you need to download the QueryToCSV2 function from
<!--- create the csv content --->
<cfset content = QueryToCSV2(yourQueryName)>
<!--- display the content for downloading --->
<cfheader name="Content-Disposition" value="attachment; filename=nameOfYourFile.csv"> 
<cfcontent type="application/">

Open in new window

chrissp26Author Commented:
AGX: How much of a security risk is this? Should I remove the DOB?

I'm trying to give the user maximum flexibility but at the same time I need to cover my own back.
chrissp26Author Commented:
Thanks for your outstanding help.
I am not a lawyer, but personally I would remove it.  First there is the issue of whether customer's consented to having any of their information released to other parties at all.  Second, even if they did I doubt DOB is necessary for marketing purposes, an "Over 18" flag perhaps, but not DOB.  Companies typically give customers the impression they can expect a reasonable measure of security when releasing their information.  This type of downloading does not provide any security measures at all.  Not to mention that once you allow information to be downloaded, anything can happen to it, even during transit.  Again, I am not a lawyer, but this may open up areas of liability.  It is often a trade-off, but just because it is possible to do something does not mean it is a good idea ;-)  
chrissp26Author Commented:
Thanks AGX.

I will leave it out.
Just so you know why we were capturing it, the DOB was being captured so that subscribers who choose to enter it receive an email on their birthday containing a voucher to spend at the website's establishment. Thats the only thing it would be used for so there's not much point in keeping it.

Thanks again for your help.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Servers

From novice to tech pro — start learning today.