Forums Index » Computers » PHP » Include
Include
August 10th, 2005 15:28 #1 |
user
Registered: 20/07/05 @ 19:04
Posts: 160
|
The include function is a really interesting feature of php, but the problem is there are also some things you have to make to be sure people can't hack you using the include exploit.
//This is the basic way to input a include into a page.
<?PHP
include ("page.php" ;
?>
//This is an advanced way, nothing really different except that we use a var to include the page.
//You might see how the include feature is intresting for what we will attempt to do.
<?PHP
$page = "page.php";
include ($page);
?>
//So far we have seen we can use variable to include a page, but how would it be usefull?
//The thing is to put links that will give the name of the page to a var. Didnt't understand?
//SLOW MOTION.
//make a link, something like this.
<a href="linktothispage.php">go to this page</a>
//nothing intresting so far, but this -->linktothispage.php?p=thispagehere.php. You can simply do the following
<a href="?p=thispagehere.php>go to this page</a>
//and in the page you currently have this code
<?php
include ($p);
?>
//but the thing is, there is an exploit in the include, people could use it to get your password and username, to simply get rid of these risk, you'll only have to do the following.
<?PHP
if (file_exists($p))
include($p);
else
echo "This page doesn't exist";
?>
//You can also output the home page if you want to instead of echoing This page doesn't exist, just put include("home.php" instead of the echo line.
//Hope this help you. L8er
______________________
Techno-Science
|
| Back to top |
 
|
Forums Index » Computers » PHP » Include
Who's Browsing This Topic?
1 guest.
