include dynamicly

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
peppelorum
Forum Newbie
Posts: 12
Joined: Sun Jul 21, 2002 3:19 pm
Location: Leksand, Sweden

include dynamicly

Post by peppelorum »

trying to include a file dynamicly, but doesnt work.

Code: Select all

$file = $_GETї'file'];

if ($file) include($file);
and the message I gets is:
"Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in C:\Inetpub\wwwroot\svartfolk-php\eforum.php on line 11"

the file I'm trying to include is in the same folder as the script and contains some php..
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

what is the connection between the include and your mysql-connection?
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

What's on lines 1-11 C:\Inetpub\wwwroot\svartfolk-php\eforum.php? In other words, what do the lines where the error (to do with your MySQL connection as volka pointed out) is occuring look like. We can't help you if you don't give us all the information.

Mac
User avatar
peppelorum
Forum Newbie
Posts: 12
Joined: Sun Jul 21, 2002 3:19 pm
Location: Leksand, Sweden

Post by peppelorum »

ehm, forgot to include the file that opened the db, so that is fixed. but another question, is there anything you should think when it comes to dynamic includes, security issues etc?
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

Just make sure that you aren't going to be allowing people to open any file they like. Basically have something, a switch, if statement, entries in a database, whatever, that allows you to decide whether the content to be included should be allowed.

Mac
User avatar
haagen
Forum Commoner
Posts: 79
Joined: Thu Jul 11, 2002 3:57 pm
Location: Sweden, Lund

Post by haagen »

Isn't there a php-function that'll check the file path. So you can force the files to reside in (for example) /home/haagen.

So this would fail:

Code: Select all

$file="../../etc/passwd";
$path = "/home/haagen/";

if(php_check_func("$file$path"))
   include("$file$path");
/home/haagen/../../etc/passwd == /etc/passwd

I've seen this terrible code in real life :?
Galahad
Forum Contributor
Posts: 111
Joined: Fri Jun 14, 2002 5:50 pm

Post by Galahad »

I don't know if such a function exists, but it doesn't seem like it would be that hard to write yourself. The switch statement may be simpler, although less flexible.
User avatar
haagen
Forum Commoner
Posts: 79
Joined: Thu Jul 11, 2002 3:57 pm
Location: Sweden, Lund

Post by haagen »

I made a quick look and found the function. And it wasn't as I remebered. It is realpath($path) and it extracts the path I mention above to /etc/passwd.

I good to have function 8) <- i like these
Post Reply