Jump to content

Is this page-fetcher safe?


selbekk

Recommended Posts

I have a quick question... havent done php in ages, and now im trying to write a code snippet that fetches the correct page, and includes it in the main web page. Would this be safe, or could people hack it very easily?

<?php
	if(isset($_GET['page'])) { // If page is requested in url, fetch it

		$pages = array("home", "aboutme", "projects", "resume", "contact"); // Lists accepted pages in array
		if in_array(($_GET['page']), $pages) {
			include_once($_GET['page'].".php");  // If page requested is in the array, include page
		} else echo "I am sorry, I could not find the requested page on the server. Please try again.";
	?>

 

thanks =)

 

 

Link to comment
https://forums.phpfreaks.com/topic/101256-is-this-page-fetcher-safe/
Share on other sites

Otherwise this is what I have after my isset()

$file = $page . ".php";
if (!file_exists($file)) {
$page = "main";
}

 

For mine I don't tell them that there is an error finding the page (I don't have enough pages to worry about dead links), I just redirect to my home page.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.