• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

php question


tim

Senior Member
#1
if i upload 27 files to a directory, how do i create a PHP code to ask it to pull the first 9 into one document, the second 9 into the next document and the last lot of 9 in a third document? i'm assuming it's possible...
 
#4
The official php.net website is very useful. Googling around it is the best way, I think.

Google for "site:PHP: Hypertext Preprocessor [keywords]" and you'll only get results from php.net (if you didn't already know). But if you're not sure what functions you need, but you kind of know what you want to do, try searching in really basic English. In the above example, you could have searched

"site:PHP: Hypertext Preprocessor scan directory" - first result? You got it!
 

Jazajay

Active Member
#8
Hay Tim,
Security mindset coming in, you are not allowing the user to modify this file, ie ~ is the PHP code being created dynamically from user supplied data?

So for example you have a link or what ever that looks like this?

<?php $category=$_POST['category'];
echo $category."/some-file.htm";?>


Jaz
key:
Red ~ PHP
 

tim

Senior Member
#9
@Jazajay: i dunno what you mean Jaz, sorry! Do you mean like each link different per user, which could mean they could pull in all kinds of files? It'd be a product page with 9/16 small images, and I don't want to have to name them each time, but just pull them in.

@Phil: I'm using this so that I can just upload a few images to a directory and the page automatically pull it in, instead of me having to link each one in at a time. There's 300 products on the site so it's just trying to make the job smaller.
 

Jazajay

Active Member
#10
Yeah exactly if you allow the user to change the file path, they can then pull any file off the server, ie: db passwords, this is obviously something you don't want them to do.

To circumvent it I would use the basename() function as this function makes sure that any file path that is added is trimmed off.

So in the above example it would be safer to write ~
<?php
$category=$_POST['category'];
echo basename($category)."/some-file.htm";
?>


I really, really respect that you want to teach yourself, IMO the only true way to learn, but always think how can this be exploited, because if you can think of 1 way so can a hacker, trust me from experience. :)

Hope it helps.
Jaz
key:
Red ~ PHP