Re: [PHP] Hide the real URL

[Paul Novitski]

At 7/26/2007 06:18 AM, elk dolk wrote:
I want to hide the real URL to my images by masking it with PHP
the code looks like this:
$query = "SELECT * FROM table";
$result=mysql_query($query);

while ($row = mysql_fetch_array($result))
{
echo "<img src='http://www.mysite.com/img/{$FileName}'/>";
}

if you look at the source in browser you will see:

<img src='http://www.mysite.com/img/111.jpg' />

how can I show it like this:

<img src='show.php?FileName=111.jpg' />


Your primary script would echo:

        while ($row = mysql_fetch_array($result))
        {
                // get the file name from the data table
                $FileName = $row['filename'];

                // encode the filename to be legal in an URL
                $FileName = urlencode($FileName);

                // download to browser
                echo <<<_
<img src="show.php?FileName=$FileName" />
_;
        }

and the secondary script show.php could use logic such as this:

        // if the querystring contains the expected parameter
        if (isset($_GET['Filename']))
        {
                // get requested filename
                $Filename = 'img/' . $_GET['Filename'];

                        // if that file exists
                        if (file_exists($Filename))
                        {
                                // output to browser, suppressing 
error message
                                @readfile($Filename);
                        }
        }

Notes:

Your sample script included:
        echo "<img src='http://www.mysite.com/img/{$FileName}'/>";

Marking up your images as <img ... /> indicates that you want to use 
XHTML.  XHTML requires that attributes be quoted with double quotes, 
not single quotes (apostrophes).  Use <http://validator.w3.org/> to 
validate your markup.

However, simply reversing the quotes in your statement would result in:
        echo '<img src="http://www.mysite.com/img/{$FileName}"/>';
This would not work because PHP would fail to expand the variable 
name inside single quotes.  Therefore you'd need to escape the inner 
quotes like so:
        echo "<img src=\"http://www.mysite.com/img/{$FileName}\"/>";
or use heredoc (<<<...) which I prefer to use because it means not 
having to escape the quotes.  In a case like this it also means not 
having to enclose the variable in curly braces:

        echo <<<_
<img src="show.php?FileName=$FileName" />
_;


urlencode: http://php.net/urlencode

heredoc syntax: http://php.net/heredoc#language.types.string.syntax.heredoc

isset: http://php.net/isset

file_exists: http://php.net/file_exists

readfile: http://php.net/readfile

@ Error Control Operator: http://php.net/@


Regards,

Paul
__________________________

Paul Novitski
Juniper Webcraft Ltd.
http://juniperwebcraft.com 

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php