Why would you need to sanitize all URLs? I know you're never supposed to trust the client when it comes to field input, but is it that easy to access sensitive info on a shared host that you have to give URLs similar treatment to form data?
I really like the second method redhead provided btw, I wouldn't need to write up a page-long switch() that way. ^.^
EDIT:
For anyone new that's lurking this topic and is interested, try this. (The value from the $_GET array is retrieved once you click the link).
Place this in a file like index.php
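PHP Code:
<?php
/* Authentication can go here, but you would have to move
   the following php to a new destination page since any failed check
   would prevent index.php from showing anything */
// isset() avoids an undefined-index notice when index.php is loaded without ?img=
switch (isset($_GET['img']) ? $_GET['img'] : '') {
    case "alarm":
        // The URL value only selects this fixed file; it is never used as a path
        header('Content-type: image/gif');
        readfile('alarm.gif');
        exit; // stop here so the HTML below is not appended to the image data
}
?>
<a href="http://localhost/test/index.php?img=alarm">Go</a>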
Once clicked, you'll get
http://localhost/test/index.php?img=alarm showing in the address bar and actually leading to something *yay*, the "Go" link removed via the header, the original filename is now the page name on save, and no direct image path displays when you check the source of the gif. (Not that all of this is necessary with all the hotlink protection around, it's just fun to do).
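The switch in the post above works as an allowlist: the value from the URL only selects among file names the script already knows, so it never reaches readfile() as a path. The same idea written as a lookup table, which avoids a page-long switch(), is shown here as an added example that is not code from the original post; the image names, the images/ directory and PHP 8 are assumptions.

```php
<?php
declare(strict_types=1);

// Allowlist: the only values ?img= may take, each mapped to a fixed file.
// These names and the images/ directory are assumptions for this example.
const IMAGES = [
    'alarm' => 'alarm.gif',
    'logo'  => 'logo.png',
];
const TYPES = ['gif' => 'image/gif', 'png' => 'image/png'];

/** Return the absolute path for an allowlisted key, or null. */
function resolve_image(mixed $key, string $baseDir): ?string
{
    // ?img[]=x arrives as an array; anything that is not a known string key is refused.
    if (!is_string($key) || !array_key_exists($key, IMAGES)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . IMAGES[$key]);
    // Defence in depth: the resolved file must still sit inside $baseDir
    // (covers a symlink or a careless entry added to the map later).
    if ($base === false || $path === false
        || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

$path = resolve_image($_GET['img'] ?? null, __DIR__ . '/images');
if ($path === null) {
    http_response_code(404); // unknown key: same answer as a missing file
    exit;
}
$ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
header('Content-Type: ' . (TYPES[$ext] ?? 'application/octet-stream'));
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff'); // browser must not re-guess the type
readfile($path);
exit;
```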