2007. 12. 29, szombat keltezéssel 13.39-kor AmirBehzad Eslami ezt írta: > I want to write a function to check > whether string $A is a prefix for string $B or not. if (strpos($B, $A) === 0) { echo '$B begins with $A'; } else { echo '$B does not begin with $A'; } greets Zoltán Németh > > I writing this function in order to prevent directory traversal > during a download request. (e.g., download.php?file=..\index.php) > > I want to make sure that the realpath() of the requested file is > within the realpath() of the download-directory. Trying to make > sure that the the $download_dir is a prefix for $filepath. > > @see: http://en.wikipedia.org/wiki/Directory_traversal > ** > *TWO FUNCTIONS:* > > function is_prefix1($prefix, $str) { > return (0 == strncasecmp($prefix, $str, strlen($prefix))); > } > > function is_prefix2($prefix, $str) { > return (0 === stripos($str, $prefix)); > } > *USAGE:* > if (is_prefix1('a', 'abcdef')) > echo 'prefix1 returned True!', '<br />'; > > if (is_prefix2('a', 'abcdef')) > echo 'prefix2 returned True!', '<br />'; > > ------------------------ > Do these functions do the same job? > Which one provides better performance? > > -behzad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php