Page 1 of 1

[SOLVED] my directories revealed!!

Posted: Fri Feb 04, 2005 11:39 am
by sweenyman
Hi Guys
Hope you can help
I am creating a site that allows you to upload images. When I was testing the site I just left the image fields empty which now shows a box with an x on it..Thats ok.When this box is clicked it reveals all my directories in new window(which would normally be the enlarged picture of original image).I'm using normal javascript to open window. Any ideas why or how to prevent this
Cheers
Sean 8O

Posted: Fri Feb 04, 2005 11:42 am
by feyd
post some code, along with what server you are using, the OS this server is sitting on, php version...

Posted: Fri Feb 04, 2005 11:56 am
by PrObLeM
try putting a blank index.html file in there so when someone tries to goto the directory it will end up being blank

Posted: Fri Feb 04, 2005 12:21 pm
by sweenyman
feyd wrote:post some code, along with what server you are using, the OS this server is sitting on, php version...
Hi feyd lookin at below it may have something to do with the images directory? What do you think
Im on windows PHP4 Apache MySql



<div align="center"><a href="#" on Click="window.open()"></a>
<a href="javascript:void(0);" onClick="window.open('images/adimages/<?php echo $row[x_image];?>', 'imagewin', 'toolbar=no, location=no, directories=no, status=no, menubar=no, scrollbars=no, resizable=yes, width=600, height=500, left=300, top=100')"><img src="images/adimages/<?php echo $row[x_image];?>" height="120" width="160" border="0"></a></div>


ps this is giving me trouble too

$sql = "DELETE FROM clients WHERE x_clientid = '$clid'";
when I echo the sql I get
DELETE FROM clients WHERE x_clientid = ' mous67894'
It dosent happen though ..but no errors I've tried leaving out quotes etc

Posted: Fri Feb 04, 2005 12:32 pm
by feyd
placing an index.html or other index file should help, however, you should also make sure $row['x_image'] actually evaluates to something, anything, a default value..

as for your delete problem, is there a client id that's ' mous67894' I would bet it's 'mous67894' notice the leading space is removed.

Posted: Fri Feb 04, 2005 1:00 pm
by sweenyman
feyd wrote:placing an index.html or other index file should help, however, you should also make sure $row['x_image'] actually evaluates to something, anything, a default value..

as for your delete problem, is there a client id that's ' mous67894' I would bet it's 'mous67894' notice the leading space is removed.
Thanks for the image problem

Re the other problem...
I noticed the whitespace before but I dont know how its getting there.
I have actually tried substituting $clid for the actual string mous67894 and it works I just dont know where the leading space is coming from. Once the var is in it wont work any time but if i put actual value in it works every time.
Confused
Sean

Posted: Fri Feb 04, 2005 2:16 pm
by sweenyman
feyd wrote:placing an index.html or other index file should help, however, you should also make sure $row['x_image'] actually evaluates to something, anything, a default value..

as for your delete problem, is there a client id that's ' mous67894' I would bet it's 'mous67894' notice the leading space is removed.
proplem solved.
<a href="cutclcont.php?clid= <?php echo $row['x_clientid']; ?>
<a href="cutclcont.php?clid=<?php echo $row['x_clientid']; ?>
The space before <?php echo....

Thanks feyd and PrObLeM for your prompt responses. Much appreciated.
Sean