Secure Inclusion Of PHP Code

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

kkonline
Forum Contributor
Posts: 251
Joined: Thu Aug 16, 2007 12:54 am

Post by kkonline »

Hi there,
I am currently working with a PHP file. The PHP tags <? are open, and in between there is a piece of PHP which I want to include in the main file. Suppose

Code:

$query = "INSERT INTO upload (name, size, type, content ) ".
         "VALUES ('$fileName', '$fileSize', '$fileType', '$content')";

is the code which is to be included. As I would need to change that query again, that's why I want to include it separately.

Now my question is: with what extension should I save the file having $query = "INSERT INTO upload (name, size, type, content ) ".
"VALUES ('$fileName', '$fileSize', '$fileType', '$content')";
so that I can include it in the main file?

Is it OK to include a file with <?php some data ?> into another file where the PHP tags are open?
If not, then with what extension should I store the data mentioned above so the user cannot see it when he types it into the browser?

The main concern is that if the user writes the name of the file which has the data to be included, then he should not be able to read it.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Have you read the include() documentation?
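
One way to set up the include asked about in this thread, as an added example that is not part of the original posts: the included file keeps a .php extension and its own opening tag, refuses to run when requested directly, and returns the query with placeholders in place of the interpolated variables. The temp directory, the APP_ENTRY constant, the file name upload_query.php and the sample upload are assumptions made for the demo; it needs PHP 7.3 or later with pdo_sqlite.

```php
<?php
declare(strict_types=1);
// Constructed demo; run with `php demo.php` (needs the pdo_sqlite extension).

// 1. The include file. Assumption: in a real deployment it sits outside the
//    document root (hypothetical path: /var/www/private/upload_query.php) and
//    keeps the .php extension, so a direct request never returns its source.
$dir = sys_get_temp_dir() . '/private_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$includeFile = $dir . '/upload_query.php';
file_put_contents($includeFile, <<<'INC'
<?php
// Included files start in HTML mode, so the opening tag is required here
// even though the including file is already in PHP mode.
if (!defined('APP_ENTRY')) {   // requested directly, not via the main file
    http_response_code(403);
    exit;
}
// Placeholders replace the '$fileName'-style interpolation in the query.
return 'INSERT INTO upload (name, size, type, content)
        VALUES (:name, :size, :type, :content)';
INC);

// 2. The main file: mark the entry point, then include by absolute path.
define('APP_ENTRY', true);
$query = require $includeFile;

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE upload (name TEXT, size INTEGER, type TEXT, content BLOB)');

// Constructed sample upload; the quote in the name is stored as data.
$stmt = $pdo->prepare($query);
$stmt->execute([
    ':name'    => "o'brien.txt",
    ':size'    => 5,
    ':type'    => 'text/plain',
    ':content' => 'hello',
]);
echo $pdo->query('SELECT name FROM upload')->fetchColumn(), PHP_EOL;

unlink($includeFile);
rmdir($dir);
```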