View file www/foto/a.php

<?php
$ap=mysql_escape_string(htmlspecialchars(trim($_GET['ap'])));
if(!preg_match('/.\/fail\/(.*)/',$ap))die('Попытка взлома!');

$x=intval($_GET['x']);
$y=intval($_GET['y']);
 echo '<center><img src="'.$ap.'" width="'.$x.'" height="'.$y.'"/></center>';
?>