Re: [PHP] phpsadness
On 11-06-03 04:47 PM, David Harkness wrote: The original PHP Sadness page didn't actually make me sad. This thread, however, *is*. Can we all agree that we have different opinions on what makes an appropriate joke and move on? Here's to less sadness in the world . . . David Here's some joy for all of us http://damnyouautocorrect.com/ warning - do not read with kids near the monitor -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Are there free prebuild websites?
Hi Peng, here's a site that has free css templates for you to use: http://www.templatemo.com/page/1 Peng Yu wrote: I want to build a website using PHP. But to make a website from scratch will take a long time. I observed many websites look similar. Therefore, I think that there are a lot of commonalities between them. I'm wondering if there are some depository of free prebuild websites (based on PHP or some other language) so that I can download and modify it for my needs. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySql Injection advice
On July 12, 2009 03:34:49 pm Haig Dedeyan wrote:
On Sat, 11 Jul 2009 21:26:36 -0400, Haig Dedeyan wrote:
On Sun, Jul 12, 2009 at 4:09 AM, Haig Dedeyan hdede...@videotron.ca
wrote:
mysql_query(INSERT INTO phonedir
(fname, lname) VALUES('$new_fname','$new_lname'))
or die(mysql_error());
I won;t be using 2x escapes but I just need to know if I should be seeing
the backslash in the dbase.
No, the backslashes should not be stored in the database.
They are only there to tell the database engine how to
separate data from the SQL syntax.
/Nisse
Ahhh. Thanks for the info.
Cheers
Haig
Re: [PHP] MySql Injection advice
On July 12, 2009 08:52:56 am Haig Dedeyan wrote:
At 6:39 PM -0400 7/11/09, Haig Dedeyan wrote:
[1]
mysql_query(INSERT INTO phonedir
(fname, lname) VALUES('$new_fname','$new_lname'))
or die(mysql_error());
or
[2]
mysql_query(INSERT INTO phonedir
(fname, lname)
VALUES('.mysql_real_escape_string($new_fname).','.mysql_real_escape_str
ing($new_lname).')) or die(mysql_error());
I always do [1] and NOT [2].
The reason for this is that when I clean and scrub data prior to
insertion, I may do more than pass it through a
mysql_real_escape_string() function.
For example, I may want to trim() it; or check if it's a valid email
address; or check if it's a number; or do any number of other checks
prior to insertion. I don't want to place all those functions into a
query, so why place one?
Lastly, I think [1] is easier to read than [2].
That's my take.
Cheers,
tedd
--
---
http://sperling.com http://ancientstones.com http://earthstones.com
Thanks. Yes I agree [1] is the better way to go.
After reading Nisse's response, it looks like the backslashes are never stored
in the table so all is good for me.
Thanks to everyone to helped out.
Cheers
Haig
Re: [PHP] MySql Injection advice
On July 13, 2009 09:48:54 am Haig Dedeyan wrote: On Monday 13 July 2009 14:31:09 tedd wrote: At 3:53 PM -0400 7/12/09, Paul M Foster wrote: On Sun, Jul 12, 2009 at 09:07:45AM -0400, tedd wrote: snip As for prepared statements, I'm no authority on them, but from what I've read they are not going to be something I'll be practicing anytime soon. Aside from Stuart's comments about slowness, what else have you read that makes you discount the use of prepared statements? The PDO class emphasizes that you're safe from SQL injection exploits, which seems a big plus. Paul Paul: As I said, I'm no authority. However as I have read, prepared statements are for a limited set of instructions in MySQL. They can't be used for everything. Why should I learn one way to do something that isn't universal in the language? Additionally, I think the way I sanitize data is sufficient AND I understand it. *My* learning curve may introduce security problems that I am not willing to risk, at this moment. As I said, I have more than enough on my plate to digest -- including learning non-prepared statements in MySQL. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com Generally speaking, what I have always done to avoid MySQL injection is to use mysql_real_escape_string() on all variables I'm chucking into the database. This won't avoid hacks that involve people trying to insert other types of code into your content, aka XSS, et al, though. What I do for cases like these is try to be as specific as possible when allowing users to enter data and try to sanitise it as much as possible. For example, a name field shouldn't contain anything other than letters, so you can write a regex for that. Phone number fields should only contain numbers, the odd + sign, and sometimes spaces and brackets if you're users are really fastidious with their input. Sometimes this isn't possible, as in the case of a lot of free-text entry boxes, so for those you should try and make some attempt to strip out tags or html encode the data prior to displaying it. Anyway, that's my take on it, and it seems to work for me, but I'm always welcome to know of other ways, as I'd prefer being told on the list than finding out the hard way! :p -- Thanks, Ash http://www.ashleysheridan.co.uk Hi Ashley, for the phone #'s, I'm using int as the data type storing each part of the phone # in its own cell, When it gets displayed, I add a dash in between each part of the phone #'s (country code-area code-1st set of digits-last set of digits) Cheers Haig
Re: [PHP] MySql Injection advice
On July 11, 2009 10:57:14 am Haig Dedeyan wrote:
At 10:12 PM -0400 7/10/09, Haig Dedeyan wrote:
[1]
$fname = mysql_real_escape_string($fname);
$lname = mysql_real_escape_string($lname);
$sql = UPDATE phonedir SET fname = '$fname',lname = '$lname' WHERE
id=$id; $result = mysql_query($sql);
echo mysql_error() . \n;
This will result in the addition of the slashes.
[2]
If I do the following, there are no slashes. Just wondering if I'm on the
right path with the 1st code set..
$sql = UPDATE phonedir SET fname =
'.mysql_real_escape_string($fname).',lname =
'.mysql_real_escape_string($lname).' WHERE id=$id;
$result = mysql_query($sql);
echo mysql_error() . \n;
Haig:
Interesting, I did not know that -- that sounds like a bug to me --
both should be the same.
However, I commonly do [1] and when I have to display the data to a
browser, then I use htmlentities() and stripslashes() before
displaying the data. That way names like O'Brian appear correctly --
else they appear 0\'Brian.
Now maybe I'm doing something wrong, but this way works for me. If
there is a better way, I would like to here it.
Cheers,
tedd
Thanks Tedd.
I did more testing and here's what I have found.
@PHPSter - magic quotes are off
Just entering simple data where an apostrophe is part of the data.
The following code is entering the slash but that's becuase I am escaping it
twice since mysql_num_rows is throwing an error if an apostrophe is in its
search:
1 -
$new_fname = mysql_real_escape_string($new_fname);
$new_lname = mysql_real_escape_string($new_lname);
$result = mysql_query(SELECT * FROM phonedir WHERE fname = '$new_fname'
lname = '$new_lname');
$num_rows = mysql_num_rows($result);
if($num_rows 0)
{
echo $fname. .$lname. already exists;
}
else
{
mysql_query(INSERT INTO phonedir
(fname, lname)
VALUES('.mysql_real_escape_string($new_fname).','.mysql_real_escape_string($new_lname).'))
or die(mysql_error());
2 - If I do the same code above without the mysql_num_rows and no escaping,
the data doesn't get entered.
I think this is normal behaviour.
3 - If I do any of the 2 following sets of code where there is 1 instance of
escaping, the data gets entered with the apostrophe but I don't see any back
slash entered.
The part that I am concerned about is if I should be seeing the backslash
entered without having to double escape,
$new_fname = mysql_real_escape_string($new_fname);
$new_lname = mysql_real_escape_string($new_lname);
$result = mysql_query(SELECT * FROM phonedir WHERE fname = '$new_fname'
lname = '$new_lname');
$num_rows = mysql_num_rows($result);
if($num_rows 0)
{
echo $fname. .$lname. already exists;
}
else
{
mysql_query(INSERT INTO phonedir
(fname, lname) VALUES('$new_fname','$new_lname'))
or die(mysql_error());
or
mysql_query(INSERT INTO phonedir
(fname, lname)
VALUES('.mysql_real_escape_string($new_fname).','.mysql_real_escape_string($new_lname).'))
or die(mysql_error());
Re: [PHP] MySql Injection advice
On July 11, 2009 08:21:34 pm Haig Dedeyan wrote:
On Sun, Jul 12, 2009 at 4:09 AM, Haig Dedeyan hdede...@videotron.ca wrote:
On July 11, 2009 10:57:14 am Haig Dedeyan wrote:
At 10:12 PM -0400 7/10/09, Haig Dedeyan wrote:
[1]
$fname = mysql_real_escape_string($fname);
$lname = mysql_real_escape_string($lname);
$sql = UPDATE phonedir SET fname = '$fname',lname = '$lname' WHERE
id=$id; $result = mysql_query($sql);
echo mysql_error() . \n;
This will result in the addition of the slashes.
[2]
If I do the following, there are no slashes. Just wondering if I'm on
the
right path with the 1st code set..
$sql = UPDATE phonedir SET fname =
'.mysql_real_escape_string($fname).',lname =
'.mysql_real_escape_string($lname).' WHERE id=$id;
$result = mysql_query($sql);
echo mysql_error() . \n;
Haig:
Interesting, I did not know that -- that sounds like a bug to me --
both should be the same.
However, I commonly do [1] and when I have to display the data to a
browser, then I use htmlentities() and stripslashes() before
displaying the data. That way names like O'Brian appear correctly --
else they appear 0\'Brian.
Now maybe I'm doing something wrong, but this way works for me. If
there is a better way, I would like to here it.
Cheers,
tedd
Thanks Tedd.
I did more testing and here's what I have found.
@PHPSter - magic quotes are off
Just entering simple data where an apostrophe is part of the data.
The following code is entering the slash but that's becuase I am escaping
it
twice since mysql_num_rows is throwing an error if an apostrophe is in
its search:
1 -
$new_fname = mysql_real_escape_string($new_fname);
$new_lname = mysql_real_escape_string($new_lname);
$result = mysql_query(SELECT * FROM phonedir WHERE fname = '$new_fname'
lname = '$new_lname');
$num_rows = mysql_num_rows($result);
The error message may be saying the mysql_num_rows is throwing an error but
actual error is on mysql_query function level (Not a correct query)
if($num_rows 0)
{
echo $fname. .$lname. already exists;
}
else
{
mysql_query(INSERT INTO phonedir
(fname, lname)
VALUES('.mysql_real_escape_string($new_fname).','.mysql_real_escape_st
ring($new_lname).')) or die(mysql_error());
BTW twice escaping is not good
2 - If I do the same code above without the mysql_num_rows and no
escaping, the data doesn't get entered.
I think this is normal behaviour.
Welcome to hell of quotes :(
3 - If I do any of the 2 following sets of code where there is 1 instance
of
escaping, the data gets entered with the apostrophe but I don't see any
back
slash entered.
The part that I am concerned about is if I should be seeing the backslash
entered without having to double escape,
Please see magic_quotes_runtime setting configuration...
http://www.php.net/manual/en/info.configuration.php#ini.magic-quotes-runtim
e
If it is enables it will automatically removed the slashes from any
external source including databases...
It was there to make the life of developer somewhat easier ()...
magic quotes things are deprecated and completely will be removed in PHP 6
$new_fname = mysql_real_escape_string($new_fname);
$new_lname = mysql_real_escape_string($new_lname);
$result = mysql_query(SELECT * FROM phonedir WHERE fname = '$new_fname'
lname = '$new_lname');
$num_rows = mysql_num_rows($result);
if($num_rows 0)
{
echo $fname. .$lname. already exists;
}
else
{
mysql_query(INSERT INTO phonedir
(fname, lname) VALUES('$new_fname','$new_lname'))
or die(mysql_error());
or
mysql_query(INSERT INTO phonedir
(fname, lname)
VALUES('.mysql_real_escape_string($new_fname).','.mysql_real_escape_st
ring($new_lname).')) or die(mysql_error());
Thansk Zareef.
Magic quotes are off. This is what my php ini says:
; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = Off
; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(),
etc.
magic_quotes_runtime = Off
; Use Sybase-style magic quotes (escape ' with '' instead of \').
magic_quotes_sybase = Off
I won;t be using 2x escapes but I just need to know if I should be seeing the
backslash in the dbase.
@Tedd - I will be looking into prepared statements eventually but I still want
to understand escaping.
Cheers
Haig
[PHP] MySql Injection advice
Hi everyone, I'm starting to experiment with an edit form and I am seeing the following behaviour: $fname = mysql_real_escape_string($fname); $lname = mysql_real_escape_string($lname); $sql = UPDATE phonedir SET fname = '$fname',lname = '$lname' WHERE id=$id; $result = mysql_query($sql); echo mysql_error() . \n; This will result in the addition of the slashes. If I do the following, there are no slashes. Just wondering if I'm on the right path with the 1st code set.. $sql = UPDATE phonedir SET fname = '.mysql_real_escape_string($fname).',lname = '.mysql_real_escape_string($lname).' WHERE id=$id; $result = mysql_query($sql); echo mysql_error() . \n; Cheers Haig
Re: [PHP] MySql Injection advice
On July 10, 2009 11:26:04 pm Haig Dedeyan wrote: Haig Dedeyan wrote: Hi everyone, I'm starting to experiment with an edit form and I am seeing the following behaviour: $fname = mysql_real_escape_string($fname); $lname = mysql_real_escape_string($lname); $sql = UPDATE phonedir SET fname = '$fname',lname = '$lname' WHERE id=$id; $result = mysql_query($sql); echo mysql_error() . \n; This will result in the addition of the slashes. If I do the following, there are no slashes. Just wondering if I'm on the right path with the 1st code set.. $sql = UPDATE phonedir SET fname = '.mysql_real_escape_string($fname).',lname = '.mysql_real_escape_string($lname).' WHERE id=$id; $result = mysql_query($sql); echo mysql_error() . \n; Cheers Haig I highly recommend you switch to prepared statements and not use mysql_real_escape_string Prepared statements is the right way, and you don't end up with slashes. http://dev.mysql.com/tech-resources/articles/4.1/prepared-statements.html Thanks Michael. I didn't know about prepared statements, I'll check this out and see how it works out. Cheers Haig
[PHP] Flow chart tool
Hi everyone, is there a software that will create a flow chart indicating what php pages are using what tables in a MySql dbase? Haig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Flow chart tool
Ashley Sheridan wrote: On Wed, 2008-10-08 at 18:45 -0400, Haig Dedeyan wrote: Hi everyone, is there a software that will create a flow chart indicating what php pages are using what tables in a MySql dbase? Haig To my knowledge no such software exists. You could include an extra bit of code in each of your pages to make an entry in your MySQL database, but i'm guessing that for you this goes beyond what you are looking for. Ash www.ashleysheridan.co.uk Thanks Ash. I was hoping to avoid that route. I guess I can write a script to scan all my pages and whatever table reference it finds, it can flag it for me and then I can make the flowchart myself. Haig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Google Chrome
On September 2, 2008 09:36:42 pm Haig Dedeyan wrote: On September 2, 2008 09:33:30 pm Haig Dedeyan wrote: On Wed, Sep 3, 2008 at 2:12 AM, Haig Dedeyan [EMAIL PROTECTED] wrote: On September 2, 2008 05:56:23 pm Haig Dedeyan wrote: Does anyone know what this implies? It's the 2nd section from their license agreement: By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any content which you submit, post or display on or through, the services. This license is for the sole purpose of enabling Google to display, distribute and promote the services and may be revoked for certain services as defined in the additional terms of those services. What they call displaying content? because I as website owner never agreed with this licence! I'm hoping that all this means is that they if you post something positive about chrome on some forum/blog, they can use it. Which begs the question, how would they know what I post. Haig Looks like Google is changing their EULA: http://www.networkworld.com/news/2008/090308-google-amends-chrome-license-agreement.html Haig Haig Mouse wheel works fine for me. - Original Message - From: Douglas Temple [EMAIL PROTECTED] To: Robert Cummings [EMAIL PROTECTED] Cc: php-general@lists.php.net Date: Tue, 2 Sep 2008 21:04:30 +0100 Subject: Re: [PHP] Google Chrome Beta or not, it's still amazingly fast. Despite the fact you can't scroll up with the mouse wheel... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Google Chrome
On September 2, 2008 05:56:23 pm Haig Dedeyan wrote: Does anyone know what this implies? It's the 2nd section from their license agreement: By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any content which you submit, post or display on or through, the services. This license is for the sole purpose of enabling Google to display, distribute and promote the services and may be revoked for certain services as defined in the additional terms of those services. Haig Mouse wheel works fine for me. - Original Message - From: Douglas Temple [EMAIL PROTECTED] To: Robert Cummings [EMAIL PROTECTED] Cc: php-general@lists.php.net Date: Tue, 2 Sep 2008 21:04:30 +0100 Subject: Re: [PHP] Google Chrome Beta or not, it's still amazingly fast. Despite the fact you can't scroll up with the mouse wheel... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Google Chrome
On September 2, 2008 09:33:30 pm Haig Dedeyan wrote: On Wed, Sep 3, 2008 at 2:12 AM, Haig Dedeyan [EMAIL PROTECTED] wrote: On September 2, 2008 05:56:23 pm Haig Dedeyan wrote: Does anyone know what this implies? It's the 2nd section from their license agreement: By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any content which you submit, post or display on or through, the services. This license is for the sole purpose of enabling Google to display, distribute and promote the services and may be revoked for certain services as defined in the additional terms of those services. What they call displaying content? because I as website owner never agreed with this licence! I'm hoping that all this means is that they if you post something positive about chrome on some forum/blog, they can use it. Which begs the question, how would they know what I post. Haig Haig Mouse wheel works fine for me. - Original Message - From: Douglas Temple [EMAIL PROTECTED] To: Robert Cummings [EMAIL PROTECTED] Cc: php-general@lists.php.net Date: Tue, 2 Sep 2008 21:04:30 +0100 Subject: Re: [PHP] Google Chrome Beta or not, it's still amazingly fast. Despite the fact you can't scroll up with the mouse wheel... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] WAMP servers
http://apache2triad.net/ is also good. Haig Ashley M. Kirchner wrote: Rod Clay wrote: Hello. Does anyone use a WAMP server? And, if so, have you found one to be better than another? I am using a WAMP server entitled, aptly enough, WampServer (formerly WAMP5). In the few weeks I have been using it, I frequently get messages that a certain library or routine cannot be found. My question therefore is: do these WAMP servers typically come with all of the php libraries and subroutines that are most commonly needed? I have the impression that this WAMP server does not have some of the libraries and subroutines I need (or would very much benefit from having, anyway). Thanks for any information you can give me about WAMP servers. Rod Clay [EMAIL PROTECTED] Don't know anything about WAMP, but I run XAMPP on my laptop. http://www.apachefriends.org/en/xampp-windows.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] export to csv
Jim Lucas [EMAIL PROTECTED] wrote: Haig (Home) wrote:
Hi everyone, I have a small problem when exporting mysql into csv format.
The export works fine. The problem is, if the mysql table has a carriage
return, opening the csv file in excel will display a square box where the
carriage return is.
Displaying the table on a web page is fine.
Thanks for any help.
Haig
$csv_output = 'column1';
$csv_output .= \015\012;
$result = mysql_query(select * from table);
while($row = mysql_fetch_array($result))
{
$csv_output .= ''.$row[column1].'';
In a more recent post, the op asked a question that is related to this,
in a way.
Here is what I think your solution would look like
$data = preg_replace(!\r\n|\n|\r!, \r\n, $row['column1']);
$csv_output .= '' . $data . '';
Reason being is that Windows uses \r\n for line endings. More than
likely you are outputting \n This would cause windows to display one
of those funky boxes that you are talking about.
PS. be sure and use quotes around your array key names, otherwise you
might cause a PHP Notice on different systems.
$csv_output .= \015\012;
}
header(Content-type: application/vnd.ms-excel);
header(Content-disposition: attachment; filename= .
date(Y-m-d)._my_report..csv);
print $csv_output;
exit;
mysql_close();
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Thanks Jim. That did the trick.
Haig
-
Be smarter than spam. See how smart SpamGuard is at giving junk email the boot
with the All-new Yahoo! Mail
Re: [PHP] Can't link image directory?
Sorry for the lack of information.
I also was wrong about the subdirectory name. It's Images and not
Image
The workstation is running WinXP Pro while PHP 5 Apache 2 are on Suse
10.1.
I also installed apache2 php5 on a WinXP Pro system and the same
problem occurs.
I have tried 7 workstations and they are all giving the same problem.
Whether the subdirectory is Images or images, it makes no
difference, the problem is still there.
Once I rename that images or Images directory, all is fine.
Here's the code:
?php
$path = '//path to directory/';
$dir_handle = opendir($path) or die(Unable to open $path);
$paths = array();
while ($file = readdir($dir_handle))
{
if(!is_dir($file))
{
$paths[] = $path$file;
}
}
closedir($dir_handle);
sort($paths);
echo 'ul';
$x=0;
foreach ($paths as $link) {
$show = substr($link,strrpos($link, '/')+1);
echo lia href= 'file://$paths[$x]'$show/a/li\n;
$x++;
}
echo '/ul';
?
On 5/18/07, Tijnema ! [EMAIL PROTECTED]
http://ca.f622.mail.yahoo.com/ym/[EMAIL PROTECTED]YY=7077y
5beta=yesy5beta=yesorder=downsort=datepos=0view=ahead=b wrote:
On 5/18/07, Haig (Home) [EMAIL PROTECTED]
http://ca.f622.mail.yahoo.com/ym/[EMAIL PROTECTED]YY=70
77y5beta=yesy5beta=yesorder=downsort=datepos=0view=ahead=b
wrote:
Hi everyone,
I have a simple script that scans a directory and will output a
list of
sub
directories as a hyperlink.
Script is working fine. Only problem I have is that if there is a
subdirectory called Image, my script won't see it. If I rename
that
subdirectory to anything else, it will see it.
If I use a standard href line to link that image subdirectory,
that's
fine
but then it won't show up alphabetically when the other folders are
linked.
Any ideas?
Haig
We can't guess what you did wrong, show us relevant parts of your
code.
Tijnema
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
I'm guessing that it's just a typo, but are Image (first mention)
and
image (all lower-case, second mention) actually the exact same
directory?
Remember, all POSIX-based systems (*nix, Linux, BSD, MacOS) are all
cAsE-sEnSiTiVe.
Also, in addition to Tijnema's request, please supply your basic
server
configuration (WIMP, LAMP, et cetera). For example:
Linux (Redhat 7.1)
Apache 1.3.37
MySQL 3.23
PHP 3.4.4
Just *please* don't tell me you have that configuration! ;-P
--
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107
RE: [PHP] Can't link image directory?
shows me the subdirectories that exist in the directory I configure the script for, but no further levels of subdirectories as it stands. That could be modified *very* easily, but that's a different matter. On my system, it shows /images without a problem, which more or less adds to my initial suspicion --- check your httpd.conf file for Apache and make sure that directories matching a regexp'ed images (or similar) are not blocked from serving. -- Daniel P. Brown [office] (570-) 587-7080 Ext. 272 [mobile] (570-) 766-8107 Tijnema ! ...At last, why are you using file:// in your link? You're using a webserver to display the contents, but file:// links to files on the local hard drive. Unless the server is running on the same machine you're visiting the site with, it will fail to point to the right file. Thanks guys. Httpd.conf was blocking it from serving. I do only want to link the subdirectories and not the files within each directory, which is why I'm using that script. If I remove the ! character from the is_dir() command, I get a link for . And .. if a workstations ever switches to a flavour of linux. @ Tijnema ! You're correct, I didn't need to use file:
