anatak Posted November 13, 2008 Share Posted November 13, 2008 Is it possible to do an include with a path variable and file name in the part between quotes ? example I have a path variable $_SESSION['path'] and I would like to include $_SESSION['path']; include"rotate.inc"; include"stylesheet.inc"; this works $_SESSION['path']; $file=$_SESSION['path'].'rotate.inc'; include"$file"; I would like something like include"$_SESSION['path']rotate.inc"; but I can not get it to work. kind regards anatak How can I do this so I don't have to create a variable for rotate.inc and stylesheet.inc ? Link to comment https://forums.phpfreaks.com/topic/132553-include-with-a-path-variable/ Share on other sites More sharing options...
Mchl Posted November 13, 2008 Share Posted November 13, 2008 Two ways at least: include $_SESSION['path']."rotate.inc"; include "{$_SESSION['path']}rotate.inc"; Also make sure, that you've checked the path variable. It's potentially vulnerable for XSS attack. Link to comment https://forums.phpfreaks.com/topic/132553-include-with-a-path-variable/#findComment-689273 Share on other sites More sharing options...
premiso Posted November 13, 2008 Share Posted November 13, 2008 Two ways at least: include $_SESSION['path']."rotate.inc"; include "{$_SESSION['path']}rotate.inc"; Also make sure, that you've checked the path variable. It's potentially vulnerable for XSS attack. One way to check would be using the file_exists. If the file exists, chances are you are not getting XSS attacked. If it does not, you probably are. Link to comment https://forums.phpfreaks.com/topic/132553-include-with-a-path-variable/#findComment-689321 Share on other sites More sharing options...
anatak Posted November 13, 2008 Author Share Posted November 13, 2008 Hey premiso and Mchl, Thank you for the answers and the hint. I need this session path variable because of the file structure. /dir function /rotate.inc /dir public_html (webroot) /dir www (pc version of site) index_mobile.php /dir mobile (mobile version of site) index.php (require to index_public.php) /image (dir with all the graphic files and images /index_www.php /index_mobile.php after reading the php security tutorial I wanted to stop outside file access. I want to be able to use the functions in dir function with the mobile and the pc version (I don't want to maintain the functions separatly) and I also wanted to be able to use 1 folder for all the image files. to check against XSS attacks would something like this work ? if file_exists($_SESSION['path']."rotate.inc"){include $_SESSION['path']."rotate.inc";} thank you anatak Link to comment https://forums.phpfreaks.com/topic/132553-include-with-a-path-variable/#findComment-689696 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.