prakash Posted June 7, 2007

I am currently using the following to include pages:

    <?php include($_GET["page"].".php"); ?>

and the data will be passed in the format http://www.mysite.com/index.php?page=introduction

But this script has some security issues, as anyone can run it like http://www.mysite.com/index.php?page=http://www.someothersite.com/script/sample and it can be used for spamming. So could anyone let me know how to add security to the above script so that a remote script couldn't be included like above?

Thanks in advance.

dymon Posted June 7, 2007

Hi,

If you have the list of existing pages, for example in a database or in a txt file, then when you get the variable $_GET['page'], check if this page exists in the list. If it does, include it; if not, just show an error message.

Dymon

prakash (Author) Posted June 7, 2007

Can't it be done with regex or something like that to validate the $_GET["page"] value?
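
One way to combine the two suggestions in this thread, the page list from dymon's reply and the regex check asked about in the follow-up, as an added example that is not code posted by anyone in the thread. The pages/ directory, the page names and the resolve_page() helper are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. PAGES_DIR, the page names and
// resolve_page() are assumptions; adjust them to the site's own layout.
const PAGES_DIR = __DIR__ . '/pages';
// Allowlist: the only values ?page= may take, mapped to files the site owns.
const ALLOWED_PAGES = [
    'introduction' => 'introduction.php',
    'contact'      => 'contact.php',
];

// Return the absolute path of the file to include, or null if rejected.
function resolve_page($requested, string $baseDir, array $allowed): ?string
{
    // $_GET values can be arrays (?page[]=x); accept strings only.
    if (!is_string($requested)) {
        return null;
    }
    // Regex check: a short lowercase name, so no "/", ".", ":" or NUL byte,
    // which rules out URLs, "../" sequences and stream wrappers.
    if (preg_match('/\A[a-z0-9_-]{1,32}\z/', $requested) !== 1) {
        return null;
    }
    // Allowlist check: the name must be one we listed ourselves.
    if (!array_key_exists($requested, $allowed)) {
        return null;
    }
    // Defence in depth: the resolved file must exist inside $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $allowed[$requested]);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$file = resolve_page($_GET['page'] ?? 'introduction', PAGES_DIR, ALLOWED_PAGES);
if ($file === null) {
    http_response_code(404);
    exit('Page not found');
}
include $file;
```

Setting allow_url_include to Off in php.ini (the default since PHP 5.2) blocks the remote-URL case at the interpreter level, but local file inclusion still needs the checks above.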