Posted by punkstar on 09/19/06 06:25
I agree with Nick, you want to control what the user can and can't do
at all times, and it seems like you could be allowing the user to
choose php files on your server, to edit or execute, both of which
could be used to take advantage of your application.
Nick
Nick DeNardis wrote:
> You are probably going to want to check the variable before shoving it
> into the include, the URL looks a little suspicious with the ".php"'s
> on in the get variables, it is not wrong but you may want to prevent
> anyone from trying to take advantage of your script.
>
> Something like this may suit you better:
>
> <?php
> // Create the include list
> $includes = array();
> // Fill it with the GET variables requested
> $includes[] = trim($_GET['var1']);
> $includes[] = trim($_GET['var2']);
> // Loop through each file to include, verify it and include it
> foreach($includes as $file)
> if ($file != '' && is_file($file . '.php'))
> include($file . '.php');
> ?>
>
> Dave Kelly wrote:
> > From a html page menu I need to pass 2 variables.
> >
> > <a
> > href="signup.php?var1=list-PINSS.php&var2=blurb-PINSS.php"><h3>Padre
> > Island National Sea Shore</h3></a><br>
> >
> > These go to a php web page and are used thusly.
> >
> > <?php include ($_SERVER["var2"]); ?> //this is line 3
> > <?php include ($_SERVER["var1"]); ?> // line 5
> >
> > I am getting these errors:
> >
> >
> > Notice: Undefined index: var2 in
> > /var/www/vhosts/texasflyfishers.org/httpdocs/signup.php on line 3
> >
> > Warning: main(): Failed opening '' for inclusion
> > (include_path='.:/usr/share/pear') in
> > /var/www/vhosts/texasflyfishers.org/httpdocs/signup.php on line 3
> >
> >
> > Notice: Undefined index: var1 in
> > /var/www/vhosts/texasflyfishers.org/httpdocs/signup.php on line 5
> >
> > Warning: main(): Failed opening '' for inclusion
> > (include_path='.:/usr/share/pear') in
> > /var/www/vhosts/texasflyfishers.org/httpdocs/signup.php on line 5
> >
> > What am I doing wrong?
> >
> > TIA
> > Dave
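The point raised above, that the menu should never let the browser pick which .php file gets included, can be closed by mapping a short page key to fixed server-side paths. The following is an added example written for this thread, not code from any of the posters; the `$pages` map, the `includes/` directory and the `page` query parameter are assumptions chosen for illustration. It reads from `$_GET` (the array Dave's link actually populates, rather than `$_SERVER`) and refuses anything that is not a known key, so a request can never name a file, a directory or a `..` segment.

```php
<?php
// Added example (not from the thread): resolve a menu selection through an
// allow-list instead of trusting a filename from the URL.
declare(strict_types=1);

// Hypothetical layout: all includable fragments live under this directory.
const INCLUDE_DIR = __DIR__ . '/includes';

// The URL carries only a key ("signup.php?page=PINSS"); the filenames are
// fixed here and never come from the request.
$pages = [
    'PINSS' => ['list' => 'list-PINSS.php', 'blurb' => 'blurb-PINSS.php'],
];

/**
 * Look up the requested key and return absolute paths for its fragments,
 * or null when the key is unknown or a resolved path leaves INCLUDE_DIR.
 */
function resolvePage(array $pages, ?string $requested): ?array
{
    if ($requested === null || !array_key_exists($requested, $pages)) {
        return null;                       // not on the allow-list
    }

    $base = realpath(INCLUDE_DIR);
    if ($base === false) {
        return null;                       // include directory missing
    }

    $out = [];
    foreach ($pages[$requested] as $slot => $file) {
        // realpath() collapses ".." and symlinks; the prefix check is a
        // defence in depth in case the map itself is ever edited carelessly.
        $real = realpath($base . DIRECTORY_SEPARATOR . $file);
        if ($real === false || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
            return null;
        }
        $out[$slot] = $real;
    }
    return $out;
}

// Menu link for this page would be: <a href="signup.php?page=PINSS">...</a>
$page = resolvePage($pages, isset($_GET['page']) ? (string) $_GET['page'] : null);

if ($page === null) {
    http_response_code(404);
    exit('Unknown page');
}

// Same order Dave used: blurb first, then the list.
include $page['blurb'];
include $page['list'];
```

Because `include` only ever receives a value taken from `$pages`, a log line showing `page=../../etc/passwd` or `page=http://evil.example/shell.txt` results in a 404 rather than an inclusion attempt, which also makes such probes easy to spot in the access log.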