PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171) to learn how to do it too.
OK - I have a small problem but it's bugging me out.
The little script I'm using is
<?php
if (@$a) {
include "".$a.".inc";
} else {
include "".main.".inc";
}
?>
First of all, I think I should ask these questions one at a time and get the answer for the first one before asking the second.
That's for my own benefit, so I don't get confused.
Question 1: In this script, if the value for $a does not exist, does the script then load main.php, or does it only load main.php when the variable is not passed?
$Ext = '.php';
// I would like to note again..
// $_GET['a'] Also Should be Filtered/Escaped/Checked
if(!empty($_GET['a']) && file_exists($_GET['a'] . $Ext)){
include($_GET['a'] . $Ext);
}else{
include('main.inc');
}
If I go to your site, I could easily put sitename.com/index.php?a=../../anyfileiwant
OK Zoxive & feyd, I figured out why this was not working for me. I am using this on a new site that is based around a premade app that I wanted to use. When I tried your script, Zoxive, it did the same thing my own version did, and when I tried it on a site without the premade app it worked fine. The reason was because I had to put the location in the file_exists function like this:
$Ext = '.php';
// I would like to note again..
// $_GET['a'] Also Should be Filtered/Escaped/Checked
if(!empty($_GET['a']) && file_exists("template/hhi/" . $_GET['a'] . $Ext)){
include($_GET['a'] . $Ext);
}else{
include('main.inc');
}
This was because the index.php file was in wwwroot/or/ and the values for $a were in wwwroot/or/template/hhi/
What I need to figure out is how to load the premade app into the wwwroot/ dir and load the $a values from there also.
I have yet to acquire the ability to read minds and know exactly how your website is structured to give you exact code.
On a serious note, we are here to help you learn, give advice and point you in the right direction. So when you get code examples here (IF you do, I was feeling generous today), most of the time you still need to tweak them to your apps.
Read that thread carefully. There are a lot of security topics covered in there, all of which you should use when allowing dynamic includes from user input.
A much more elegant solution would use file_exists() on the include file. An even more elegant solution wouldn't pass the filename via $_GET, but instead perhaps a number which indicates a specific file.
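The suggestion in the last reply (pass a number that selects a specific file, and confirm the file exists before including it), written out as an added example; it is not code from any poster in this thread. The PAGES map, the page names other than main.inc, and resolvePage() are hypothetical, and PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Pages that may be included, keyed by the value accepted in ?a=.
// The request never supplies any part of a file name. (Hypothetical entries.)
const PAGES = [
    1 => 'main.inc',
    2 => 'about.inc',
    3 => 'contact.inc',
];
const DEFAULT_PAGE = 1;

// Resolve the request value to an absolute path inside $baseDir.
// Anything that is not a known numeric key falls back to the default page.
function resolvePage(mixed $requested, string $baseDir): string
{
    // ?a[]=x arrives as an array; ctype_digit() rejects "", "-1", "1.0" and "../x".
    $key = (is_string($requested) && ctype_digit($requested) && strlen($requested) <= 4)
        ? (int) $requested
        : DEFAULT_PAGE;
    if (!array_key_exists($key, PAGES)) {
        $key = DEFAULT_PAGE;
    }

    $base = realpath($baseDir);
    $path = $base === false ? false : realpath($base . DIRECTORY_SEPARATOR . PAGES[$key]);
    // Defence in depth: the file must exist and resolve to a location under the
    // base directory (catches a symlink or a bad entry in PAGES).
    if ($path === false || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        throw new RuntimeException('page file missing or outside the template directory');
    }
    return $path;
}

// Constructed demo: build a throwaway template directory so the script runs offline.
$dir = sys_get_temp_dir() . '/tpl_' . bin2hex(random_bytes(4));
mkdir($dir);
foreach (PAGES as $file) {
    file_put_contents("$dir/$file", "<p>$file</p>\n");
}
// Constructed inputs: a valid key, a traversal string, an unknown key, an array, no value.
foreach (['2', '../../anyfileiwant', '99', ['x'], null] as $input) {
    echo json_encode($input), ' => ', basename(resolvePage($input, $dir)), "\n";
}
```

In index.php the call would be `include resolvePage($_GET['a'] ?? null, __DIR__ . '/template/hhi');`, so the same directory is used for both the existence check and the include.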