Hey guys, I am still very new to php, but I found the code
ini_set('include_path', '');
switch ($_GET['get']) {
    case 'legal':
        include('legal/legal.php');
        break;
    default:
        include('error.php');
        break;
}
that turned my URL into something like
"http://localhost/index.php?get=legal"
but my problem is that it only links one page, what would I need to do if I wanted the "http://localhost/index.php?get=" to open a file inside
"bin/test/file.php" directory? That might look something like
"http://localhost/index.php?get=bin&keyword=file"
I hope that makes sense.
Thanks guys
php URL Query String
You have to be very careful if you allow users to determine the file that is read/executed.
At least do something like
Code: Select all
<?php
// basename() strips any directory part, so only a file in the current directory can be named
$requestedFile = '';
if ( isset($_GET['get']) && !empty($_GET['get']) )
    $requestedFile = basename($_GET['get']);
// Fall back to the error page when nothing usable was requested
if ( strlen($requestedFile) == 0 || !is_file($requestedFile) )
    $requestedFile = 'error.php';
include($requestedFile);
?>
A more pessimistic version is to define a set of allowed files and only include the requested document if its name is in that set
Code: Select all
<?php
// Only these documents may ever be included
$allowedDocuments = array(
    'docA.php', 'docB.php',
    'docC.php', 'docD.php'
);
// in_array() takes the needle first, then the haystack; true forces a strict comparison
if ( !isset($_GET['get']) || !in_array($_GET['get'], $allowedDocuments, true) )
    $requestedFile = 'error.php';
else
    $requestedFile = $_GET['get'];
include($requestedFile);
?>
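The allow-list approach from the reply above, extended to the two-parameter URL in the question (`?get=bin&keyword=file`). This is an added example, not code from either post; the `$pages` map, the `resolvePage()` helper and the file paths are assumptions, and it needs PHP 7 or later.

```php
<?php
// Added example: map (get, keyword) pairs to fixed paths. User input is only
// ever used as a lookup key, never as part of a file name.
// The sections, pages and paths below are assumptions based on the question.
$pages = [
    'legal' => ['legal' => 'legal/legal.php'],
    'bin'   => ['file'  => 'bin/test/file.php'],
];

/**
 * Resolve ?get=<section>&keyword=<page> to an absolute path under $baseDir,
 * or to the error page when the pair is not in the allow-list.
 */
function resolvePage(array $query, array $pages, string $baseDir): string
{
    $error   = $baseDir . '/error.php';
    $section = $query['get'] ?? '';
    $page    = $query['keyword'] ?? $section;   // ?get=legal alone still works

    // Rejects array input (?get[]=x) and any pair that is not in the map.
    if (!is_string($section) || !is_string($page)
        || !isset($pages[$section][$page])) {
        return $error;
    }

    // Second check in case the map itself is edited carelessly: the resolved
    // file must exist and must sit inside the base directory.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $pages[$section][$page]);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return $error;
    }
    return $path;
}

include resolvePage($_GET, $pages, __DIR__);
```

A request such as `?get=bin&keyword=../../etc/passwd` never reaches the file system, because the keyword is not a key in `$pages` and the function returns the error page.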