I want to write a function to check whether string $A is a prefix for string $B or not. I writing this function in order to prevent directory traversal during a download request. (e.g., download.php?file=..\index.php) I want to make sure that the realpath() of the requested file is within the realpath() of the download-directory. Trying to make sure that the the $download_dir is a prefix for $filepath. @see: http://en.wikipedia.org/wiki/Directory_traversal ** *TWO FUNCTIONS:* function is_prefix1($prefix, $str) { return (0 == strncasecmp($prefix, $str, strlen($prefix))); } function is_prefix2($prefix, $str) { return (0 === stripos($str, $prefix)); } *USAGE:* if (is_prefix1('a', 'abcdef')) echo 'prefix1 returned True!', '<br />'; if (is_prefix2('a', 'abcdef')) echo 'prefix2 returned True!', '<br />'; ------------------------ Do these functions do the same job? Which one provides better performance? -behzad
