Abdul - there are a few issues with your example code, which you might want to fix, before sharing it as an example of good practice.
Firstly, you should never be accessing $_GET params directly - Moodle has built-in optional_param / required_param functions to deal with this.
Secondly, you bypass the FilesAPI by using SQL queries directly into the mdl_files table.
Thirdly, you are using the deprecated get_context_instance function instead of context_xx::instance functions.
Fourthly, you completely bypass the pluginfile.php mechanism for serving files securely from within Moodle (which makes it a terrible example in this case, where someone is specifically asking how to use the correct pluginfile.php mechanism for serving files).
That's all I've spotted from a quick glance.
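
The four points above, put together as an added example that is not part of the original post and is not Abdul's code. The plugin name mod_example, the file area "attachment" and the capability mod/example:view are assumptions made for illustration; the Moodle functions called are the standard ones.

```php
<?php
// Added example. Assumed names: plugin "mod_example", file area "attachment",
// capability "mod/example:view". Two files are shown, separated by comments.

// ---- mod/example/view.php: validated input, context class, File API, pluginfile URL ----
require_once(__DIR__ . '/../../config.php');

$cmid = required_param('id', PARAM_INT);         // typed and cleaned, instead of $_GET['id']
$cm = get_coursemodule_from_id('example', $cmid, 0, false, MUST_EXIST);
$course = get_course($cm->course);
require_login($course, true, $cm);
$context = context_module::instance($cm->id);   // instead of get_context_instance()

$fs = get_file_storage();                        // File API, no SQL against mdl_files
$files = $fs->get_area_files($context->id, 'mod_example', 'attachment', 0, 'filename', false);
foreach ($files as $file) {
    // The link points at pluginfile.php, which calls the callback defined in lib.php.
    $url = moodle_url::make_pluginfile_url(
        $file->get_contextid(), $file->get_component(), $file->get_filearea(),
        $file->get_itemid(), $file->get_filepath(), $file->get_filename());
    echo html_writer::link($url, s($file->get_filename()));
}

// ---- mod/example/lib.php: callback invoked by pluginfile.php ----
function mod_example_pluginfile($course, $cm, $context, $filearea, $args,
        $forcedownload, array $options = array()) {
    // Serve only from the context level and file area this plugin owns.
    if ($context->contextlevel != CONTEXT_MODULE || $filearea !== 'attachment') {
        return false;
    }
    // Access control is enforced on every request for the file, not just on the page.
    require_login($course, true, $cm);
    if (!has_capability('mod/example:view', $context)) {
        return false;
    }
    // $args holds the URL path after the file area: itemid, optional folders, filename.
    $itemid = (int) array_shift($args);
    $filename = array_pop($args);
    $filepath = $args ? '/' . implode('/', $args) . '/' : '/';

    $file = get_file_storage()->get_file(
        $context->id, 'mod_example', $filearea, $itemid, $filepath, $filename);
    if (!$file || $file->is_directory()) {
        return false;                            // pluginfile.php then reports file not found
    }
    send_stored_file($file, 0, 0, $forcedownload, $options);
}
```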