aebstract Posted July 21, 2006 Share Posted July 21, 2006 I have been told lately that it is possbile for some hackers to get in to servers and stuff through include systems. Could anyone help out telling potential ways to make an include safe so that someone can't do anything with it through url or anything? Thanks. Quote Link to comment https://forums.phpfreaks.com/topic/15263-protecting-includes/ Share on other sites More sharing options...
wildteen88 Posted July 21, 2006 Share Posted July 21, 2006 When you are including files, make sure you the file you are including actually exists on your server, and use your servers document root when including files, espcially when doing somthing like this:[code=php:0]$page = $_GET['page']include $_GET['page']. '.php';[/code]So rather than doing the above do this:[code=php:0]$page = $_GET['page'];// check that the files exists firstif(file_exists('http://www.site.com/' . $page . '.php')){ // if it does include it include $_SERVER['DOCUMENT_ROOT'] . $page . '.php';}// file doesnt exists, hakcing attempt!else{ die('<h1>hacking attempt</h1>');}[/code]That isnt the best way of doing it, but is just a quick example. Quote Link to comment https://forums.phpfreaks.com/topic/15263-protecting-includes/#findComment-61666 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.