* Thus wrote [EMAIL PROTECTED] ([EMAIL PROTECTED]): > Cheers for your help... > I did this in the end... > > $rest = substr($row[file_info], 27, 100); > $download = "/home/sites/site1/web$rest"; > > where $row[file_info] = the full URL and the 27th character is the > .com/ bit.
what if they use: http://mysite.com/download/file instead of: http://www.mysite.com/download/file Your screwed! If you don't want to use preg_match then look at strrchr. Then of course what if they type: http://www.mysite.com/download/file?break=program Are you safe from that too? Make sure your safe in all conditions! HTH, Curt -- "I used to think I was indecisive, but now I'm not so sure." -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php