Safe include practices
Posted: Wed Sep 20, 2006 8:40 pm
Hi,
Just a quick question. Would you consider this method of including files safe? If not, what would you suggest?
Thanks for any and all comments.
klarinetking
Code:
<?php
$pageIncPath = './inc/pages/';
$rootPath = './';
if ( isset($_GET['p']) && !empty($_GET['p']) )
{
    if ( is_file($pageIncPath . $_GET['p'] . '.php') )
    {
        include ($pageIncPath . $_GET['p'] . '.php');
    }
    else
    {
        include ($pageIncPath . 'index.php');
    }
}
else
{
    include ($pageIncPath . 'index.php');
}
?>
EDIT: How much safer would it be if I were to use defines?
Code:
<?php
define('PAGE_INC_PATH', './inc/pages/');
$rootPath = './';
if ( isset($_GET['p']) && !empty($_GET['p']) )
{
    if ( is_file(PAGE_INC_PATH . $_GET['p'] . '.php') )
    {
        include (PAGE_INC_PATH . $_GET['p'] . '.php');
    }
    else
    {
        include (PAGE_INC_PATH . 'index.php');
    }
}
else
{
    include (PAGE_INC_PATH . 'index.php');
}
?>
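
Both versions in the post pass `$_GET['p']` into the path unchanged, and `is_file()` only confirms that the resulting path exists, not that it stays inside `inc/pages/`; switching the base path to a define does not change how the request value is handled. The block below is an added example, not part of the original post: it restricts the page name to a fixed character set and then checks the canonical path against the page directory. The helper name `resolvePage`, the 64-character limit and the `__DIR__`-based directory are assumptions for illustration, and `inc/pages/index.php` is assumed to exist.

```php
<?php
// Added example (not from the original post): resolve the page name to a file
// that is guaranteed to live inside PAGE_INC_PATH before including it.
define('PAGE_INC_PATH', __DIR__ . '/inc/pages/');

/**
 * Hypothetical helper: returns the absolute path of the page to include,
 * falling back to index.php when the request is missing or not acceptable.
 */
function resolvePage($requested, $baseDir)
{
    $base = realpath($baseDir);
    if ($base === false) {
        throw new RuntimeException('Page directory not found: ' . $baseDir);
    }
    $default = $base . DIRECTORY_SEPARATOR . 'index.php';

    // 1. Accept only a plain string made of letters, digits, '_' and '-'.
    //    This rejects '/', '\', '.', NUL bytes and array input (?p[]=x).
    if (!is_string($requested)
        || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $requested)) {
        return $default;
    }

    // 2. Canonicalise the path and confirm the result is a regular file
    //    directly inside the page directory (a symlink that points
    //    elsewhere resolves to a different directory and is refused).
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($candidate === false
        || dirname($candidate) !== $base
        || !is_file($candidate)) {
        return $default;
    }

    return $candidate;
}

// Replaces the if/else chain from the post.
include resolvePage($_GET['p'] ?? null, PAGE_INC_PATH);
```

When the set of pages is small and fixed, an explicit array of permitted names checked with `in_array($requested, $pages, true)` can replace the pattern in step 1.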