Originally posted by bike5
you can't match for "../" and not execute if any of that was found?
Maybe set up a database to hold the files name and path to it, then use the GET var. to get the name from the database, and use the path of the matched name inside the database. Then if they type somthing other then a name inside the database, no record for the path will be found.
I set up a preg_match like this:
$chkMatch = preg_match("/\/../", $path);
It doesn't show the escaping slash just inside the double quote marks.
As for using the DB, I mentioned that to the project manager, however he did not want to do that. He said that he wants it to where the files can be dropped in the directory and no intervention has to take place.
There are multiple directories to go through, like "2005" and then "January 2005." From the month they pick the pdf file they want.
