
[SOLVED] PHP Security Vulnerability


eRott


OK, so I'm looking for some information about the way I have a website set up. So basically, to avoid multiple files and multiple folders etc., I have decided to take advantage of PHP and simplify it all. So let's say I have on my website 4 main categories/pages, if you will. Those pages are:

Books
Music
Video

Now, under those categories I have subpages. For example, under books, I would have pages which list comedy books, horror books, and romance novels. So instead of having multiple pages and folders like this:

books.php
music.php
video.php
books/comedy.php
books/horror.php
books/romance.php
music/rock.php
music/classical.php
music/jazz.php
video/action.php
video/adventure.php
video/oldies.php

I have decided to simplify it all. So instead, I have everything under one file. So for books, I have and show all the content for comedy books, romance novels, or horror novels in the same PHP file. So in books.php some code would look like this:

 

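<?php
// Read the requested section. Fall back to an empty string when ?c= is
// missing or is not a plain string, which avoids an undefined-index notice.
$content = (isset($_GET['c']) && is_string($_GET['c'])) ? $_GET['c'] : '';

// The value is only compared against fixed strings; it is never echoed,
// included, or passed to a query.
if ($content === "comedy") {
    echo "list of comedy books";
} elseif ($content === "horror") {
    echo "list of horror books";
} elseif ($content === "romance") {
    echo "list of romance books";
} else {
    echo "welcome to the books section.";
}

?>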

 

And then to display the appropriate content, the link would be formed like this:

 

http://www.domain.com/books.php?c=comedy

 

Now, my concern is: is it possible to enter some sort of coding in that URL variable to gain access to the website or do something malicious (hack the website)? Is this way secure? Are there any problems with this type of content management? If so, is it possible to make it secure to be able to use it, or should I just make a bunch of different files?

 

Thanks for the help,

eRott
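
Added example, not part of the original post: the same books.php dispatch written as an explicit allowlist, so the ?c= value is only ever a lookup key. The names BOOK_SECTIONS, DEFAULT_SECTION and resolve_section() are hypothetical, and the sample values are constructed stand-ins for $_GET['c'].

```php
<?php
// Added example. resolve_section() and BOOK_SECTIONS are hypothetical names.

// Allowlist: the only ?c= values books.php acts on, mapped to fixed output.
const BOOK_SECTIONS = [
    'comedy'  => 'list of comedy books',
    'horror'  => 'list of horror books',
    'romance' => 'list of romance books',
];
const DEFAULT_SECTION = 'welcome to the books section.';

// The request value is used only as a lookup key. It never becomes part of
// a file path, a query, or the output, so its content cannot change what runs.
// The pattern to avoid is the shortcut  include "books/" . $_GET['c'] . ".php";
// which lets the request choose the file.
function resolve_section($raw)
{
    // ?c[]=x turns $_GET['c'] into an array; treat any non-string as absent.
    if (!is_string($raw)) {
        return DEFAULT_SECTION;
    }
    return BOOK_SECTIONS[$raw] ?? DEFAULT_SECTION;
}

// Constructed sample values standing in for $_GET['c'].
$samples = ['comedy', 'ROMANCE', '../config', '<b>horror</b>', ['x'], null];

foreach ($samples as $sample) {
    $shown = is_string($sample) ? $sample : gettype($sample);
    // Escaping is needed here only because this demo echoes the raw value back.
    echo htmlspecialchars($shown, ENT_QUOTES, 'UTF-8'), ' => ',
         resolve_section($sample), PHP_EOL;
}
// In books.php itself: echo resolve_section($_GET['c'] ?? null);
```

Only the exact string comedy resolves to a section here; every other sample, including the wrong-case, path-like, markup and non-string values, falls through to the welcome text.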
