prakash Posted June 7, 2007 Share Posted June 7, 2007 I am currently using following to include pages? <?php include($_GET["page"].".php"); ?> and the data will be passed in format of http://www.mysite.com/index.php?page=introduction but this script have some security issue as anyone can run it like http://www.mysite.com/index.php?page=http://www.someothersite.com/script/sample and it can be used for spamming. So could anyone let me know how to add security within the above script so that remote script couldn't be included like above. Thanks in advance. Quote Link to comment https://forums.phpfreaks.com/topic/54552-security-help-including-script-with-get/ Share on other sites More sharing options...
dymon Posted June 7, 2007 Share Posted June 7, 2007 Hi, if you have the list of existing pages for example in a database or in a txt file, when you get the variable $_GET['page'] check if this page exists in a list, if it's true then include it, if not then just show an error message. Dymon Quote Link to comment https://forums.phpfreaks.com/topic/54552-security-help-including-script-with-get/#findComment-269816 Share on other sites More sharing options...
prakash Posted June 7, 2007 Author Share Posted June 7, 2007 can't it be done with Regex or something like that to valid $_GET["page"] value?? Quote Link to comment https://forums.phpfreaks.com/topic/54552-security-help-including-script-with-get/#findComment-269817 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.