''//'' in url


zhq

In IE address field, something like http://localhost//faqdisplay.php?page=59&type=2. The script is working fine under Xitami Web server. The faqdisplay.php script is below.
[code=php:0]
<?php include("formheader.inc"); ?>
    <td valign="top" height="100%" width="986" style="border-right:none; border-right-width:medium; border-top-style:none; border-top-width:medium; border-bottom-style:none; border-bottom-width:medium; border-left:solid medium #FF6600" bgcolor="#FFFFFF" width="791"><!--mstheme--><font face="Arial, Arial, Helvetica">

<?php

$filedir = "http://" . $HTTP_SERVER_VARS['HTTP_HOST'];
if (dirname($HTTP_SERVER_VARS['PHP_SELF']) != "/")
    $filedir = $filedir . dirname($HTTP_SERVER_VARS['PHP_SELF']) . "/";
$filedir = $filedir . "faq/";

if (isset($_GET['type']) && isset($_GET['page'])){
    $type=$_GET['type'];
    $page=$_GET['page'];
    if($type==1) echo " <font size=\"4\">FAQ: Unix Workstation Related</font><br><br>";
    else if($type==2) echo " <font size=\"4\">FAQ: EDA tools</font><br><br>";
    else if($type==3) echo " <font size=\"4\">FAQ: Design Kits</font><br><br>";
    else if($type==4) echo " <font size=\"4\">FAQ: Others</font><br><br>";
    mysql_connect("localhost","root","") or die ("Unable to connect to MySQL server.");
    $db = mysql_select_db("nus") or die ("Unable to select requested database.");
    // Escape the request value before it goes into the SQL string
    $sql = "SELECT * from faq WHERE faq_no=\"" . mysql_real_escape_string($page) . "\"";
    $result = mysql_query($sql);
    if ($result)
    {
        if (mysql_num_rows($result) == 0)
        {
            echo "No FAQ available.<br>";
            exit();
        } else
        {
            $count = mysql_num_rows($result);
            while ($count > 0) {

                $index = 1;
                $row_array = mysql_fetch_row($result);
                //$row_array[2]= strip_tags($row_array[2]);
                //$row_array[2] = StripSlashes($row_array[2]);
                $row_array[2] = ereg_replace("\n","<br>&nbsp&nbsp;", $row_array[2]);
                $row_array[1] = ereg_replace("\n","<br>&nbsp&nbsp;", $row_array[1]);

                echo "<font color=brown><b>Question:</b></font> (ID: ".$row_array[0].")<font color=blue>&nbsp&nbsp".$row_array[1] ."</font><br><br>";
                print "<font color=brown>Answer:</font><br><font color=blue>&nbsp&nbsp".$row_array[2] . "</font><br><br>";
                if ($row_array[3] != "No file attached"){
                    echo "File ".$index.": <br><font color=blue>&nbsp&nbsp". $row_array[6]. "&nbsp</font><a href=$filedir".$row_array[3]. ">(View it)</a><br><br>";
                    $index++;
                }
                if ($row_array[4] != "No file attached"){
                    echo "File ".$index.": <br><font color=blue>&nbsp&nbsp". $row_array[7]. "&nbsp</font><a href=$filedir".$row_array[4]. ">(View it)</a><br><br>";
                    $index++;
                }
                if ($row_array[5] != "No file attached"){
                    echo "File ".$index.": <br><font color=blue>&nbsp&nbsp". $row_array[8]. "&nbsp</font><a href=$filedir".$row_array[5]. ">(View it)</a><br><br>";
                }
                echo "<hr>";
                $count = $count - 1;
            }

        }
    }
}

?>

    <!--mstheme--></font></td>
  </tr>

<?php include("formfooter.inc"); ?>
[/code]

regards
zhq
Link to comment
https://forums.phpfreaks.com/topic/28947-in-url/#findComment-132604

I suspect $filedir is not set correctly, probably because $HTTP_SERVER_VARS has different values on the different web server.

Try looking at the output from this:

[code=php:0]echo "<pre>"; var_dump($HTTP_SERVER_VARS);[/code]


That will show you what is available in $HTTP_SERVER_VARS

You can also try

[code=php:0]echo "<pre>"; var_dump($_SERVER);[/code]


$_SERVER is the new name for $HTTP_SERVER_VARS.
Link to comment
https://forums.phpfreaks.com/topic/28947-in-url/#findComment-132607

Hi,

I got a ' Parse error: parse error, unexpected T_ELSEIF in c:\inetpub\wwwroot\vlsi\forward.php on line 8' message after I changed the first few lines in order to ensure that dirname($HTTP_SERVER_VARS['PHP_SELF']) is not equal to "/" and "\".

[code=php:0]<?php
include("download_header.php");
header("Cache-control: no-cache");

$fd = "http://" . $HTTP_SERVER_VARS['HTTP_HOST'];

if (dirname($HTTP_SERVER_VARS['PHP_SELF']) == "/")
    {elseif (dirname($HTTP_SERVER_VARS['PHP_SELF']) != "\")
       {$filedir = $fd . dirname($HTTP_SERVER_VARS['PHP_SELF']) . "/" ;} else {
        $sub_filedir = dirname($HTTP_SERVER_VARS['PHP_SELF']);
        $sub_filedir = str_replace('\','', $sub_filedir);
        $filedir = $fd . $sub_filedir . "/"; }
     }
$tempdir = $filedir . "temp/";
$filedir = $filedir . "uploadfiles/";
$redirect = $filedir . "download_main.php";

function RemoteFileSize($remote_file)
{
    $file = file_get_contents($remote_file);

    return strlen($file);
}

function Longfread($handle, $size){
    $contents = "";
    do {
        $data = fread($handle, $size);
        if (strlen($data) == 0) {
            break;
        }
        $contents .= $data;
    } while(true);
    return $contents;
}

if (isset($_GET['page'])){
    $page=$_GET['page'];

    mysql_connect("localhost","root","") or die ("Unable to connect to MySQL server.");
    $db = mysql_select_db("nus") or die ("Unable to select requested database.");
    // Escape the request value before it goes into the SQL string
    $sql = "SELECT f_name from file WHERE f_ID=\"" . mysql_real_escape_string($page) . "\"";
    $result = mysql_query($sql);

    if($result){
        if (mysql_num_rows($result) == 0){
            echo "This file may not exist in database. Please enter your administrator name correctly. <a href=$redirect>BACK</a>.<br>";
            exit();
        } else{
            $row_array = mysql_fetch_row($result);
            $filename = $row_array[0];
            //$filename ="logout.pdf";
            //$tempdir=$tempdir.$filename;
            $filedir=$filedir.$filename;

            $filesize=RemoteFileSize($filedir);

            header("Content-Type: application/pdf");
            header("Content-Length: ".$filesize);
            header("Content-Disposition: inline; filename=$filename");

            $fp = fopen($filedir, 'rb');
            $pdf_buffer = Longfread($fp, 8192);
            fclose ($fp);
            print $pdf_buffer;
            exit();

            //header("Location: $filedir");
            //exit();

        }
    }

}else{
    header("Location: $redirect");
}
[/code]

Link to comment
https://forums.phpfreaks.com/topic/28947-in-url/#findComment-136646
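
The reply's diagnosis and the follow-up's backslash check both come down to dirname() returning a different separator depending on the server. As an added example (not code from the thread), one way to build the base URL so the result is the same in both cases; `normalize_dir`, `base_url` and `$allowedHosts` are hypothetical names, and reading SCRIPT_NAME and checking the host against an allowlist are assumptions of this example.

```php
<?php
// Added example, not the posters' code. The function names, $allowedHosts
// and the sample values below are constructed for illustration.

/** Turn a dirname() result into a path that starts and ends with exactly one "/". */
function normalize_dir(string $dir): string
{
    $dir = str_replace('\\', '/', $dir);     // Windows dirname() may give "\" or "\vlsi"
    $dir = preg_replace('#/+#', '/', $dir);  // collapse runs such as "//"
    $dir = trim($dir, '/');
    return ($dir === '' || $dir === '.') ? '/' : '/' . $dir . '/';
}

/** Build the base URL of the directory that holds the running script. */
function base_url(array $server, array $allowedHosts): string
{
    // HTTP_HOST is copied from the request's Host header, so accept known names only
    // and fall back to the first configured host otherwise.
    $host = strtolower($server['HTTP_HOST'] ?? '');
    if (!in_array($host, $allowedHosts, true)) {
        $host = $allowedHosts[0];
    }
    // SCRIPT_NAME leaves out the trailing path info that PHP_SELF can carry.
    $script = $server['SCRIPT_NAME'] ?? '/';
    return 'http://' . $host . normalize_dir(dirname($script));
}

// dirname() results as different servers may report them (constructed values).
foreach (['/', '\\', '/vlsi', '\\vlsi', '.'] as $dir) {
    printf("%-10s => %s\n", var_export($dir, true), normalize_dir($dir));
}

// Constructed request data for a script in a subdirectory and one in the web root.
$inSubdir = ['HTTP_HOST' => 'localhost', 'SCRIPT_NAME' => '/vlsi/faqdisplay.php'];
$inRoot   = ['HTTP_HOST' => 'LOCALHOST', 'SCRIPT_NAME' => '/faqdisplay.php'];
$spoofed  = ['HTTP_HOST' => 'other.example', 'SCRIPT_NAME' => '/faqdisplay.php'];

foreach ([$inSubdir, $inRoot, $spoofed] as $server) {
    echo base_url($server, ['localhost']) . "faq/\n";
}
```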