runnerjp Posted April 6, 2008

Hey guys, I use this:

```php
<?php
// Use the requested section, or fall back to 'main'.
if (isset($_GET['section'])) {
    $section = $_GET['section'];
} else {
    $section = 'main';
}

// The section name is concatenated into the path unchecked.
$file = "include/" . $section . ".php";
if (file_exists($file)) {
    require($file);
}
?>
```

but I don't seem to think it's secure lol

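crashmaster Posted April 6, 2008

```php
<?php
// Default to the main page when no page is requested.
$page = isset($_GET['page']) ? $_GET['page'] : 'main';

// Anchored pattern: the whole name must consist of A-Z, a-z or 0-9.
// (ereg() was removed in PHP 7; preg_match() replaces it.)
if (is_string($page) && preg_match('/\A[A-Za-z0-9]+\z/', $page)) {
    if (file_exists('pages/' . $page . '.php')) {
        include('pages/' . $page . '.php');
    } else {
        include('pages/main.php');
    }
} else {
    include('pages/main.php');
}
?>
```
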
runnerjp (Author) Posted April 6, 2008

Hey, how does it work... do I just make a file pages and add it to there, then make my URL like ????

crashmaster Posted April 6, 2008

No. For example:

You have a folder "pages". In this folder you have several PHP files:

pages/main.php
pages/news.php
pages/compare.php

To call these files you have to call them through the URL:

index.php?page=main
or index.php?page=news
or index.php?page=compare

All files should have the *.php extension. The name of the file should consist only of A-Z a-z 0-9.

runnerjp (Author) Posted April 7, 2008

Will this be secure enough??

GingerRobot Posted April 7, 2008

Yes - as long as you are happy that all files in the given directory are accessible.

runnerjp (Author) Posted April 7, 2008

Oh yes, very much so... could I ask why my old one was not?? So I can learn from my mistake hehe

GingerRobot Posted April 7, 2008

By allowing any characters, you would allow people to include files from anywhere. Consider the following input:

../somefile

This would allow the user to include somefile.php in the directory below include.

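
The traversal described in the last post, as an added example that is not part of the original thread: it compares the unchecked concatenation from the first post with an anchored allow-list pattern plus a `realpath()` containment check. The helper names `naive_path` and `safe_path`, the temp-directory layout and `config.php` are assumptions constructed for the demonstration; PHP 7.1 or later is assumed.

```php
<?php
// Constructed layout in the temp dir: two pages plus a file outside include/.
$root = sys_get_temp_dir() . '/lfi_demo_' . getmypid();
mkdir("$root/include", 0700, true);
file_put_contents("$root/include/main.php", "<?php // main page\n");
file_put_contents("$root/include/news.php", "<?php // news page\n");
file_put_contents("$root/config.php", "<?php // must never be reachable\n");

// The check from the first post: concatenate, then file_exists().
function naive_path(string $dir, string $section): ?string
{
    $file = $dir . '/' . $section . '.php';
    return file_exists($file) ? $file : null;
}

// Hypothetical hardened helper: anchored allow-list pattern first, then
// confirm the canonical path is still inside the base directory.
function safe_path(string $dir, string $section): ?string
{
    if (preg_match('/\A[A-Za-z0-9]+\z/', $section) !== 1) {
        return null;                 // rejects "../", "/", ".", NUL, empty string
    }
    $base = realpath($dir);
    $file = realpath($dir . '/' . $section . '.php');
    if ($base === false || $file === false) {
        return null;                 // directory or file does not exist
    }
    $prefix = $base . DIRECTORY_SEPARATOR;   // trailing separator: include_old/ != include/
    return strncmp($file, $prefix, strlen($prefix)) === 0 ? $file : null;
}

// Constructed inputs: two legitimate names, one traversal, one missing page.
foreach (['main', 'news', '../config', 'nosuchpage'] as $section) {
    $loose = preg_match('/[A-Za-z0-9]/', $section) === 1;  // no anchors: a "contains" test
    $naive = naive_path("$root/include", $section);
    $safe  = safe_path("$root/include", $section);
    printf("%-11s loose=%-3s naive=%-11s safe=%s\n", $section,
        $loose ? 'yes' : 'no',
        $naive === null ? 'none' : basename(realpath($naive)),
        $safe === null ? 'rejected' : basename($safe));
}

// Clean up the constructed files.
array_map('unlink', ["$root/include/main.php", "$root/include/news.php", "$root/config.php"]);
rmdir("$root/include");
rmdir($root);
```

The `loose` column uses the same character class without anchors, which only tests that the input contains one alphanumeric character somewhere, so it does not restrict the name on its own.
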