I have a query string like this 
http://server/download.php?fname=name_of_remote_file. The script runs and displays a 
file download dialog box.
Is there a way of validating the querystring to ensure that a user doesn't try 
something like fname=. or fname=.. or fname=? or fname=/, which enable the user to see 
the contents of the remote directory, without resorting to a load of 'if' 
statements.Are there any other special characters i should be aware of?

For the largest free email in Ireland (25MB) & 
File Storage space (20MB), visit http://www.campus.ie

Powered by Outblaze

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to