Jump to content

Archived

This topic is now archived and is closed to further replies.

aebstract

protecting includes?

Recommended Posts

I have been told lately that it is possbile for some hackers to get in to servers and stuff through include systems. Could anyone help out telling potential ways to make an include safe so that someone can't do anything with it through url or anything? Thanks.

Share this post


Link to post
Share on other sites
When you are including files, make sure you the file you are including actually exists on your server, and use your servers document root when including files, espcially when doing somthing like this:
[code=php:0]$page = $_GET['page']

include $_GET['page']. '.php';[/code]


So rather than doing the above do this:
[code=php:0]$page = $_GET['page'];
// check that the files exists first
if(file_exists('http://www.site.com/' . $page . '.php'))
{
  // if it does include it
  include $_SERVER['DOCUMENT_ROOT'] . $page . '.php';
}
// file doesnt exists, hakcing attempt!
else
{
    die('<h1>hacking attempt</h1>');
}[/code]


That isnt the best way of doing it, but is just a quick example.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.