Jump to content

protecting includes?

aebstract

By aebstract
in PHP Coding Help

 Share

Recommended Posts

aebstract Advanced Member

aebstract

Posted
Posted
I have been told lately that it is possbile for some hackers to get in to servers and stuff through include systems. Could anyone help out telling potential ways to make an include safe so that someone can't do anything with it through url or anything? Thanks.
Link to comment
Share on other sites
wildteen88 Regular Member

wildteen88

Posted
Posted
When you are including files, make sure you the file you are including actually exists on your server, and use your servers document root when including files, espcially when doing somthing like this:
[code=php:0]$page = $_GET['page']

include $_GET['page']. '.php';[/code]


So rather than doing the above do this:
[code=php:0]$page = $_GET['page'];
// check that the files exists first
if(file_exists('http://www.site.com/' . $page . '.php'))
{
  // if it does include it
  include $_SERVER['DOCUMENT_ROOT'] . $page . '.php';
}
// file doesnt exists, hakcing attempt!
else
{
    die('<h1>hacking attempt</h1>');
}[/code]


That isnt the best way of doing it, but is just a quick example.
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.