aebstract Posted July 21, 2006 Share Posted July 21, 2006 I have been told lately that it is possbile for some hackers to get in to servers and stuff through include systems. Could anyone help out telling potential ways to make an include safe so that someone can't do anything with it through url or anything? Thanks. Link to comment https://forums.phpfreaks.com/topic/15263-protecting-includes/ Share on other sites More sharing options...
wildteen88 Posted July 21, 2006 Share Posted July 21, 2006 When you are including files, make sure you the file you are including actually exists on your server, and use your servers document root when including files, espcially when doing somthing like this:[code=php:0]$page = $_GET['page']include $_GET['page']. '.php';[/code]So rather than doing the above do this:[code=php:0]$page = $_GET['page'];// check that the files exists firstif(file_exists('http://www.site.com/' . $page . '.php')){ // if it does include it include $_SERVER['DOCUMENT_ROOT'] . $page . '.php';}// file doesnt exists, hakcing attempt!else{ die('<h1>hacking attempt</h1>');}[/code]That isnt the best way of doing it, but is just a quick example. Link to comment https://forums.phpfreaks.com/topic/15263-protecting-includes/#findComment-61666 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.