Forum Moderators: coopster

security issue

security issue with php script

         

lokeshv

12:55 pm on Feb 6, 2008 (gmt 0)

10+ Year Member



Hi

just checked this in my incoming traffic...can somebody tell me what someone is trying to do..and how i can prevent it?

http://*****.com/catalog.php?category=http://sub.example.ru/images/image.txt

a lot of requests of this kind.

Thanks,

[edited by: jatar_k at 2:01 pm (utc) on Feb. 6, 2008]
[edit reason] no urls thanks [/edit]

joelgreen

2:49 pm on Feb 6, 2008 (gmt 0)

10+ Year Member



Trying to hack your site/script using different types of injections. I think they sometimes rely on incorrect server setup. Some servers would treat image.txt as a php or perl file, and "execute" its contents.

eelixduppy

7:31 pm on Feb 6, 2008 (gmt 0)



>> and how i can prevent it?

You have to make sure that you clean all user input, so in this case, it would be your category GET variable. Make sure that it can only contain what it should contain, and make sure that someone cannot, after some experimentation, traverse your file system or include outside material that would be harmful.
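
One way to make the category variable "only contain what it should contain" is an allowlist lookup. This is an added example, not code from the thread; the category names, the `templates/` directory and the `resolve_category()` helper are hypothetical, and it assumes catalog.php picks a file to load based on the category.

```php
<?php
// Added example: allowlist validation for the "category" GET parameter.
// Category names and template file names are hypothetical placeholders.
const CATEGORY_TEMPLATES = [
    'books'  => 'books.php',
    'music'  => 'music.php',
    'videos' => 'videos.php',
];

/**
 * Return the template path for a requested category, or null when the
 * value is not exactly one of the known category names.
 */
function resolve_category($raw): ?string
{
    // Missing values and arrays (?category[]=x) are rejected outright.
    if (!is_string($raw)) {
        return null;
    }
    // Exact key lookup: a URL, a "../" sequence or any other unexpected
    // value is not a key in the table, so it never reaches include/require.
    if (!array_key_exists($raw, CATEGORY_TEMPLATES)) {
        return null;
    }
    // The path is assembled only from strings defined in this script.
    return __DIR__ . '/templates/' . CATEGORY_TEMPLATES[$raw];
}

$template = resolve_category($_GET['category'] ?? null);

if ($template === null) {
    // Unknown category: answer with a plain 404 and stop.
    http_response_code(404);
    exit('Unknown category.');
}

require $template;
```

Because the request value is only ever compared against the table, the check does not depend on recognising any particular pattern in the URL. Keeping PHP's `allow_url_include` setting at Off (its default) additionally stops `include`/`require` from loading remote URLs.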

londrum

8:57 pm on Feb 6, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



i use this little php script to cut out any requests for pages which include =http


// Reject any request whose URI contains "=http" (case-insensitive).
if (stristr($_SERVER['REQUEST_URI'], '=http')) {
    header('HTTP/1.1 503 Service Unavailable');
    print("<html><head>\n");
    print("<title>Error</title>\n");
    print("</head><body>\n");
    print("<p>This page has been left intentionally blank.</p>\n");
    print("</body></html>\n");
    exit;
}