Philip Hallstrom wrote:
I'm writing a content management application which saves file paths in
a database and allows users to search the database for those files.
Problem I'm having is that although the PHP script that handles the
database queries works fine, when the search results get to the
browser, all the paths are off limits.
I can't just move the photos inside the web folder as we're talking
tens of thousands of images that are already organized into a folder
structure that must be maintained as is.
Is there a way to allow the web page to see these photos?
The images are stored on a Windows box and all the web server stuff is
on a G5 Macintosh running OS 10.4 3 (in case that has any bearing on
the matter).
Depending on security issues you have two options.
Put a webserver on the Windows box and modify your search results to
link to the images using something like this:
<img src="http://windowsbox/getimage.php?path=/path/to/img.jpg";>
Then put a "getimage.php" script on the windows box that does something
like:
<?php
readfile($_GET[path]);
?>
I would just like to add that you _must_ sanitize $_GET['path'], otherwise
stuff you don't want will get read.... like a passwd file or the secret collection
of pr0n you have been hosting on the server at work ;-)
http://windowsbox/getimage.php?path=/etc/passwd";>
If you can't (or don't want to) put the windows box on the internet,
then still do the above and then also do the same on the mac. Assuming
the mac can get to the windows box. If that mac can't, then you're hosed.
good luck
-philip
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
![http://windowsbox/getimage.php?path=/path/to/img.jpg"](http://windowsbox/getimage.php?path=/path/to/img.jpg"){kind=link}