Posted by Gordon Burditt on 10/07/06 14:17

>Hey all, I'm trying to get this include to work but I can't for some
>reason. Each file I'm trying to include is named articles.php, but the
>directories are different. So I set up the link to my include.php file
>like this
>
><a href="include.php?directory='.$articlename.'">'.$articletitle.'</a>
>
>and on the reciving end
>
><?php include '/'.$_GET["directory"].'/articles.php'; ?>

Using include on a variable file name with unchecked user-supplied
pieces is very dangerous, especially if it is possible for a user to
put any files on the system in question or if the filename can be
made remote. It's a great way to inject viruses.

• Next in forum: Re: Forcing the user to open a link in a special way.
• Prev in forum: Re: Creating Dynamic URLs
• Thread view: Re: include won't work for some reason

[Reply to this message]