Heya, Markus.
I'll answer your second question first. The double underscore is used when I know that a variable is "safe". In other words:
I know that I declared $__i somewhere in my code, and I know its value.
On the other hand:
function doSomething( $param )
When I use $param in my function, I know that I did not explicitly set the value, and I'm not 100% sure of its contents.
Generally, when I "safe" user input, I will prepend a single underscore. E.g.:
$_userID = (int) $userID;
The idea here is to never use 'unsafe' variables for sensitive operations. For example, I will never do this:
$__sql = "SELECT * FROM `table` WHERE `id` = '{$id}' LIMIT 1";
Instead, I will do this:
$_id = (int) $id;
$__sql = "SELECT * FROM `table` WHERE `id` = '{$_id}' LIMIT 1";
Now then.
My suggestion for your problem would be to create a showimage.php (or similarly-named script).
This file would take a URL as a parameter and output either the image data (don't forget to set the Content-Type header) or else a generic 'File Not Found' (or 'Deleted', etc.) image.
Something like this:
if( isset($_GET['image']) )
{
    $imageData = loadImageFromDatabase($_GET['image']);
}

if( empty($imageData) )
{
    $imageData = array
    (
        'path' => 'path/to/not/found.jpg',
        'type' => 'image/jpeg'
    );
}

header("Content-Type: {$imageData['type']}");
readfile('/path/to/images/' . basename($imageData['path']));
The loadImageFromDatabase() function would look up the image in the database and return an empty array if the image was not found / deleted / etc.
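The same showimage.php idea carried through with the "_" safed-variable convention, as an added example that is not the original poster's code: IMAGE_DIR, the allowed-type list and the in-memory image table are assumptions, with the table standing in for the real database query.

```php
<?php
// Added example, not the original poster's code: a hardened showimage.php that
// applies the post's "_" safed-variable convention end to end. IMAGE_DIR and
// the image table are assumptions; the table stands in for the real DB query.
const IMAGE_DIR = '/path/to/images';
const ALLOWED_TYPES = ['image/jpeg', 'image/png', 'image/gif'];
// Constructed stand-in for the database lookup; returns [] when not found.
function loadImageFromDatabase(int $_id): array
{
    $_rows = [
        1 => ['path' => 'cat.jpg',  'type' => 'image/jpeg'],
        2 => ['path' => 'logo.png', 'type' => 'image/png'],
    ];
    return $_rows[$_id] ?? [];
}

function notFoundImage(): array
{
    return ['path' => 'not_found.jpg', 'type' => 'image/jpeg'];
}

// Turn the raw request into a MIME type and a file path that is guaranteed to
// live inside IMAGE_DIR; anything doubtful degrades to the fallback image.
function resolveImage(array $get): array
{
    // Cast before the value reaches any lookup; $_id is now "safed" input.
    $_id = isset($get['image']) ? (int) $get['image'] : 0;
    $imageData = $_id > 0 ? loadImageFromDatabase($_id) : [];
    // Treat a missing record or an unexpected type as "not found".
    if (empty($imageData) || !in_array($imageData['type'], ALLOWED_TYPES, true)) {
        $imageData = notFoundImage();
    }

    // basename() drops any directory part stored in the record; realpath()
    // then proves the resolved file really sits under IMAGE_DIR.
    $_dir  = realpath(IMAGE_DIR);
    $_path = realpath($_dir . '/' . basename($imageData['path']));
    if ($_dir === false || $_path === false || strpos($_path, $_dir . '/') !== 0) {
        $imageData = notFoundImage();
        $_path = IMAGE_DIR . '/' . $imageData['path'];
    }
    return ['type' => $imageData['type'], 'path' => $_path];
}

$_image = resolveImage($_GET);
header('Content-Type: ' . $_image['type']);
header('X-Content-Type-Options: nosniff'); // keep browsers from sniffing a different type
header('Content-Length: ' . (string) filesize($_image['path']));
readfile($_image['path']);
```

The request value is cast to int before any lookup, the record's type is checked against an allowlist, and realpath() confirms the final file is inside IMAGE_DIR, so a bad record or a missing file always falls back to the not-found image rather than an error page.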