I want to write a function to check
whether string $A is a prefix for string $B or not.

I writing this function in order to prevent directory traversal
during a download request. (e.g., download.php?file=..\index.php)

I want to make sure that the realpath() of the requested file is
within the realpath() of the download-directory. Trying to make
sure that the the $download_dir is a prefix for $filepath.

@see: http://en.wikipedia.org/wiki/Directory_traversal
**
*TWO FUNCTIONS:*

function is_prefix1($prefix, $str) {
return (0 == strncasecmp($prefix, $str, strlen($prefix)));
}

function is_prefix2($prefix, $str) {
return (0 === stripos($str, $prefix));
}
*USAGE:*
if (is_prefix1('a', 'abcdef'))
echo 'prefix1 returned True!', '<br />';

if (is_prefix2('a', 'abcdef'))
echo 'prefix2 returned True!', '<br />';

------------------------
Do these functions do the same job?
Which one provides better performance?

-behzad

2007. 12. 29, szombat keltezéssel 13.39-kor AmirBehzad Eslami ezt Ã*rta:

if (strpos($B, $A) === 0) {
echo '$B begins with $A';
} else {
echo '$B does not begin with $A';
}

greets
Zoltán Németh

You should benchmark and tell us - anyway, just looking at the code, I'd
say 'is_prefix2()' is faster since there's 1 function call instead of 2

--
Antinori and Partners - http://www.antinoriandpartners.com
PHP solutions - in Italy

2007. 12. 29, szombat keltezéssel 15.36-kor AmirBehzad Eslami ezt Ã*rta:

ehh, sorry I did not read your mail carefully before replying... must be
because it's saturday but I have to work

your function is_prefix2() is almost the same as what I've written. I
think that would be better, but that's just personal taste, actually I
don't think there would be significant difference in performance between
the two functions.
greets Zoltán Németh