|
|
Posted by Steve on 09/22/07 23:22
<dkirkdrei@yahoo.com> wrote in message
news:1190498503.311214.302020@50g2000hsm.googlegroups.com...
> On Sep 22, 3:43 pm, gosha bine <stereof...@gmail.com> wrote:
>> dkirkd...@yahoo.com wrote:
>>
>> > the code:
>>
>> > <?
>> > $var = "\\wusais\Intranets\Intranets\fpdb\pdf\weinig\00505882.pdf";
>> > echo strtr($var, array('\\' => '\\\\'));
>> > ?>
>>
>> > produces this:
>>
>> > \\wusais\\Intranets\\Intranets\\fpdb\\pdf\\weinig 05882.pdf
>>
>> > close but the end is still killing me...
>>
>> If the string is coming from DB as you have said, you shouldn't be
>> assigning it to $var, but fetch it from the database instead, like this:
>>
>> $rc = mysql_query("SELECT .....");
>> $row = mysql_fetch_array($rc);
>> $var = $row['fieldname'];
>>
>> echo strtr($var, array('\\' => '\\\\'));
>>
>> --
>> gosha bine
>>
>> extended php parser ~http://code.google.com/p/pihipi
>> blok ~http://www.tagarga.com/blok
>
> Ok, I appreciate all the feed back but maybe I need to post exactly
> what I am trying to accomplish.
> My variable is coming from a select statement out of a Access db via
> an ODBC connection. As it stands right now, I am
> using the following code:
>
> <form method="post" action="<?echo $dwg;?>" target="_blank">
> <td><p align="center"><button name="open" value="none"
> type="submit">open</button></td>
> </form>
>
> the variable $dwg is my windows file path that is structured like "\
> \wusais\Intranets\Intranets\fpdb\pdf\weinig\00505882.pdf";
> this code works fine, the user clicks the button and a new window
> opens displaying the file. I would like to control the window that the
> file is opened in so I have to pass the php variable over to
> javascript. If I pass it directly to the code below without doubling
> the slashes, the file does not open. I have manually doubled the
> slashes on a couple of the records in the db and everything works
> fine.
>
> javascript code that takes the place of the code posted above:
if ever i wanted a chance to hack a web application, i'd start by looking at
the js. you need to keep your file system information to yourself! if you
need to give a file to a web user or to use other systems resources, YOU
need to get them and then give the RESULT back to the user. if i know where
your network shares are (since they're happily in the js), i don't need your
front-end at all in order to puruse your system. i also know to apply
windows-based hacks to do even more damage since the unc is unique to that
os.
i love websites that also put their sql statements in js so they can use
them in conjunction with ajax. hell, tell me more about your
system...please!
[Back to original message]
|