|
-
Nov 21st, 2008, 03:51 AM
#1
Thread Starter
Hyperactive Member
Secret Location For Pictures?
I want to display pictures from some folder without allowing the user to see the their folder name when he click (rightclick on the photo=>properties).
So I make a seperate file called printit, it contains:
<?php
echo "<img src="IMGFOL/".$_GET['imgname'].">";
?>
and then when I want to display a picture for the user I write:
echo "<img src='printit.php?imgname=12'>";
but the picture wasn't displayed! while the generated url is correct, when I copy it and put in address bar, the picture is displayed.
what is the problem?
thank's in advance
-
Nov 21st, 2008, 03:52 AM
#2
Thread Starter
Hyperactive Member
Re: Secret Location For Pictures?
it give me "X" instead of the picture, while the picture is exist!
-
Nov 21st, 2008, 12:41 PM
#3
Re: Secret Location For Pictures?
Your quotes are the issue.
PHP Code:
<?php
echo "<img src="IMGFOL/".$_GET['imgname'].">";
?>
//should be
<?php
echo "<img src='IMGFOL/".$_GET['imgname']."'/>";
?>
-
Nov 21st, 2008, 05:29 PM
#4
Thread Starter
Hyperactive Member
Re: Secret Location For Pictures?
also didn't work!
any other solution?
thank's
-
Nov 21st, 2008, 08:41 PM
#5
Re: Secret Location For Pictures?
You have an img tag inside of an img tag, thats why.
HTML Code:
<img src='printit.php?photo=dclamp.jpg>
Printit.php:
PHP Code:
<?php
$imgname = $_GET['photo'];
$folderlocation = "images/";
echo $folderlocation . $imgname;
?>
--------------------------------------
Here was your code:
PHP Code:
<?php
echo "<img src="IMGFOL/".$_GET['imgname'].">";
?>
HTML Code:
<img src='printit.php?imgname=12'>
Would Output:
HTML Code:
<img src='<img src='IMGFOL/12'>'>
Last edited by dclamp; Nov 21st, 2008 at 08:44 PM.
My usual boring signature: Something
-
Nov 21st, 2008, 08:51 PM
#6
Re: Secret Location For Pictures?
Nice catch dclamp. I didn't even notice the URL was in an img tag, I had assumed it was in a hyperlink anchor.
If dclamp's solution doesn't work for you, give us the HTML code your incorrect page displays.
-
Nov 22nd, 2008, 09:03 PM
#7
Re: Secret Location For Pictures?
Two points, one trivial, one not so trivial:
(1) Don't use echo to write HTML. PHP is designed to be embedded within HTML not vice versa.
(2) Never echo back input that comes from the client. This is called a cross-site scripting (XSS) vulnerability. Why?— because you are outputting user input without validating it, anyone can manipulate the query string component of the URL to inject malicious JavaScript into the page and potentially gain unauthorised access to data, such as through reading other users' cookies.
-
Dec 3rd, 2008, 03:43 PM
#8
Thread Starter
Hyperactive Member
Re: Secret Location For Pictures?
I tested all possible codes, but none of them worked!!!
Isn't there a secure way to do that, not necessarly by the same idea. I just want to unable the user to see the real location of the image
thank's
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote
