Re: Hide the real URL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

At 7/26/2007 06:18 AM, elk dolk wrote:

I want to hide the real URL to my images by masking it with PHP
the code looks like this:

$query = "SELECT * FROM table";
$result=mysql_query($query);

while ($row = mysql_fetch_array($result))
{
echo "<img src='http://www.mysite.com/img/{$FileName}'/>";
}

if you look at the source in browser you will see:

<img src='http://www.mysite.com/img/111.jpg' />

how can I show it like this:

<img src='show.php?FileName=111.jpg' />



Your primary script would echo:

        while ($row = mysql_fetch_array($result))
        {
                // get the file name from the data table
                $FileName = $row['filename'];

                // encode the filename to be legal in an URL
                $FileName = urlencode($FileName);

                // download to browser
                echo <<<_
<img src="show.php?FileName=$FileName" />
_;
        }

and the secondary script show.php could use logic such as this:

        // if the querystring contains the expected parameter
        if (isset($_GET['Filename']))
        {
                // get requested filename
                $Filename = 'img/' . $_GET['Filename'];

                        // if that file exists
                        if (file_exists($Filename))
                        {
// output to browser, suppressing error message 
                                @readfile($Filename);
                        }
        }

Notes:

Your sample script included:
        echo "<img src='http://www.mysite.com/img/{$FileName}'/>";
Marking up your images as <img ... /> indicates that you want to use XHTML. XHTML requires that attributes be quoted with double quotes, not single quotes (apostrophes). Use <http://validator.w3.org/> to validate your markup. 

However, simply reversing the quotes in your statement would result in:
        echo '<img src="http://www.mysite.com/img/{$FileName}"/>';
This would not work because PHP would fail to expand the variable name inside single quotes. Therefore you'd need to escape the inner quotes like so: 
        echo "<img src=\"http://www.mysite.com/img/{$FileName}\"/>";
or use heredoc (<<<...) which I prefer to use because it means not having to escape the quotes. In a case like this it also means not having to enclose the variable in curly braces: 

        echo <<<_
<img src="show.php?FileName=$FileName" />
_;


urlencode: http://php.net/urlencode

heredoc syntax: http://php.net/heredoc#language.types.string.syntax.heredoc

isset: http://php.net/isset

file_exists: http://php.net/file_exists

readfile: http://php.net/readfile

@ Error Control Operator: http://php.net/@


Regards,

Paul
__________________________

Paul Novitski
Juniper Webcraft Ltd.
http://juniperwebcraft.com 
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux