PHP
Yaroslav, 2016-07-05 19:17:49

How to securely protect files and give them out by key or password?

I'm going to sell the application on allsoft, and it has become necessary to issue the full version of the program with a license key. I don't understand PHP very well; I made a simple script that implements this. Please have a look at it: are there any pitfalls in Apache/PHP that would allow a workaround to get this file or intrude into the database?

The private folder contains the program executables. There is also an .htaccess, which blocks access to this folder for normal requests:

Deny from all

Next, the user can make a GET request to the get.php file, which checks that the key is present in the table and issues the file if everything is in order:

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$db = "db";

// PDO reports a failed connection by throwing PDOException
try {
    $dbh = new PDO("mysql:host=$servername;dbname=$db", $username, $password);
} catch (PDOException $e) {
    die("Connection failed: " . $e->getMessage());
}

$key = $_GET["key"];
$version = (int) $_GET["version"];

$stmt = $dbh->prepare("SELECT count(*) FROM `serial_keys` WHERE `key_str`= :kk");
$stmt->bindParam(":kk", $key);
$stmt->execute();

$number_of_rows = $stmt->fetchColumn(); 

if($number_of_rows == 1){
    $file = "private/$version.exe";

    header('Content-Type: application/octet-stream');
    header("Content-Transfer-Encoding: Binary"); 
    header("Content-disposition: attachment; filename=\"App.exe\""); 
    header('Content-Length: ' . filesize($file));
    readfile("$file");
}else{
    echo "Неверный ключ!";
}

Request like site.com/get.php?key=DDD-XXX-BBB&version=1
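
A more defensive form of the file-serving step in get.php, as an added example that is not part of the original post. The helpers resolve_download() and send_download() are hypothetical names, and $keyValid is assumed to come from the serial_keys lookup above ($number_of_rows == 1).

```php
<?php
// Added example: hardened file-serving step for a key-gated download.
// Assumptions (not from the original post): resolve_download() and
// send_download() are hypothetical helpers; key validity is checked by the
// caller with the prepared statement shown in the post.

/**
 * Map a numeric version to a file inside $baseDir, or return null.
 * realpath() fails on missing files and collapses symlinks and ".." segments,
 * so the prefix check guarantees the result stays inside $baseDir.
 */
function resolve_download(string $baseDir, $version): ?string
{
    // Accept only short digit strings; (int) alone turns "abc" into 0
    // and silently accepts arrays passed as version[]=1.
    if (!is_string($version) || !ctype_digit($version) || strlen($version) > 4) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . (int) $version . '.exe');
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // Fail closed if the resolved path escaped the base directory.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

function send_download(?string $path, bool $keyValid): void
{
    if (!$keyValid) {
        http_response_code(403);   // same answer for unknown and malformed keys
        exit('Invalid key');
    }
    if ($path === null) {
        http_response_code(404);   // send no download headers for a missing file
        exit('Unknown version');
    }
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: attachment; filename="App.exe"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
    exit;                          // nothing may be appended to the binary
}

// Usage in get.php, with $keyValid taken from the serial_keys lookup:
// send_download(resolve_download(__DIR__ . '/private', $_GET['version'] ?? null), $keyValid);
```

Keeping the private folder outside the document root removes the dependence on .htaccess, which Apache honours only when AllowOverride permits it. On Apache 2.4 the `Deny from all` directive also needs mod_access_compat; the native form is `Require all denied`.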
