How do i get the name of the image without the extension at the end ex. (.jpg) i got this code


function get_image($id="1") {
    <img class="img-responsive img-portfolio img-hover" name="picture" src="images/gallery/<?= urldecode(base64_decode($id)); ?>" alt="">


    <form action="" method="POST">
        <div class="col-lg-12">
                get_image($imageID); // $imageID is read from database

Sorry my mistake the variable $imageID is not taken from database its $_GET Method from URL in another function:

function img($path) {
    $folder = "images/$path";
    $i = 0;
    if (is_dir($folder)) {
        if ($handle = opendir($folder)) {
            while (($file = readdir($handle)) != FALSE) {
                if ($file === "." || $file === ".." || $file === "index.html") { continue; }

                    <div class="col-md-4 img-portfolio">
                        <a href="pictures.php?imageID=<?= base64_encode($file); ?>">
                            <img class="img-responsive img-hover" src="<?= $folder ?>/<?= $file ?>" style="width: 350px;
                            height: 350px;" alt="">


and than passed in pictures.php file as
<?php $imageID = $_GET["imageID"]; ?>

Hi! You can use pathinfo() or a directory iterator:

$ext = pathinfo($file)['extension'];

BUT right now the img() function can, potentially, allow the access to the contents of any directory on the server, by adding ../ to the variable, as example you can write the following and access /etc/:


It depends on the position of the document root in the file system. You could use an integer and make sure it's valid, for example:

$imageID = filter_input(INPUT_GET, 'imageID', FILTER_VALIDATE_INT, ['options' => ['default' => NULL]]);

if(TRUE === is_null($imageID))
    # redirect or show 404

# continue if $imageID is valid

See also:

commented: thank you @cereal +2