
Is it safe to....


3 replies to this topic

#1 anthonydamasco


Posted 05 September 2006 - 01:59 PM

I have a quick question: when using sessions, is it safe to use "include.html"?

For example, if I wanted to make a control panel for my users, instead of converting HTML into a big slash-quote mess using an echo, I would just design a "controlpanel.html" and use it to add and remove information. Now, as long as I have sessions checking the user information

if (!isset($_SESSION['checker']))
{
    die ('you are not logged in!');
}
would there be problems with people bypassing the login if they knew my controlpanel.html page?

#2 HuggieBear


Posted 05 September 2006 - 02:03 PM

Not if you included that code on the controlpanel.html file too.

Give it a .php extension and away you go!

Rich

#3 wildteen88


Posted 05 September 2006 - 02:19 PM

If you don't want to add slashes to quotes in your echo statement, use the HEREDOC syntax. You can put anything into a HEREDOC statement without having to escape characters. If you use PHP variables in heredoc, make sure you wrap the variable up in curly braces, e.g. {$var_name}

Also, if you are including a file that doesn't have a php extension and has PHP code in it, PHP will treat that file as a PHP file and will parse the code in that file.
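
The two suggestions in the replies combined, as an added example that is not code from any poster in this thread: the control panel is saved as controlpanel.php, carries the session check itself so that requesting its URL directly hits the same gate, and builds its markup with heredoc. The helper names `current_user` and `render_panel`, the 403 status, and the assumption that `$_SESSION['checker']` holds the username as a string are illustrative.

```php
<?php
// controlpanel.php -- added example; file layout and helper names are assumptions.
// The login check lives in this file, so a direct request to it runs the
// same gate as reaching it through an include from another script.

/** Return the logged-in marker from the session, or null when it is absent. */
function current_user(array $session): ?string
{
    // 'checker' is the session key used in the question above; it is
    // assumed here to hold the username as a string.
    if (!isset($session['checker']) || !is_string($session['checker'])) {
        return null;
    }
    return $session['checker'];
}

/** Build the panel markup with heredoc instead of slash-escaped echo strings. */
function render_panel(string $user): string
{
    // Escape before interpolating so a stored value cannot inject markup.
    $safe_user = htmlspecialchars($user, ENT_QUOTES, 'UTF-8');

    // Quotes need no backslashes inside heredoc; variables go in curly braces.
    return <<<HTML
<div class="panel">
  <h1>Control panel</h1>
  <p>Logged in as "{$safe_user}"</p>
</div>
HTML;
}

// The session must be started before $_SESSION can be read.
session_start();

$user = current_user($_SESSION);
if ($user === null) {
    // Stop before any panel markup is produced.
    http_response_code(403);
    die('you are not logged in!');
}

echo render_panel($user);
```

If the file kept its .html name, a typical web server would return it as-is on a direct request without running the check, even though PHP parses it when it is pulled in with include.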


#4 anthonydamasco


Posted 05 September 2006 - 06:30 PM

Thank you for the advice :D



