PHP/File Directory/realpath

 
$filename = realpath("/usr/local/data/$_POST[user]");
if ("/usr/local/data/" == substr($filename, 0, 16)) {
    print "User profile for " . htmlentities($_POST["user"]) .": <br/>";
    print file_get_contents($filename);
} else {
    print "Invalid user entered.";
}

 
<?php
     $imgPath = "../cover.gif";
     $absolutePath = realpath($imgPath); 
     echo $absolutePath;
?>