Posted by Gordon Burditt on 10/07/06 14:17
 >Hey all, I'm trying to get this include to work but I can't for some
 >reason. Each file I'm trying to include is named articles.php, but the
 >directories are different. So I set up the link to my include.php file
 >like this
 >
 ><a href="include.php?directory='.$articlename.'">'.$articletitle.'</a>
 >
 >and on the receiving end
 >
 ><?php include '/'.$_GET["directory"].'/articles.php'; ?>
 
 Using include on a variable file name with unchecked user-supplied
 pieces is very dangerous, especially if it is possible for a user to
 put any files on the system in question or if the filename can be
 made remote.  It's a great way to inject viruses.
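
One way to constrain the include quoted above, as an added example that is not part of the original thread: the request value is accepted only as a single plain directory name, and the canonical path must still sit under a fixed base directory before it is included. The function name `resolve_article_path`, the base directory and the sample values are assumptions made for this sketch.

```php
<?php
// Added example: map a user-supplied directory name to an include path,
// or return null. $baseDir and the sample names are assumptions.
function resolve_article_path(string $baseDir, string $directory): ?string
{
    // 1. Accept only one plain path component. Slashes, dots, scheme
    //    separators (":") and NUL bytes cannot match this pattern.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $directory)) {
        return null;
    }
    // 2. Canonicalise and confirm the file exists and is still under
    //    $baseDir (this also catches symlinks that point elsewhere).
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $directory
        . DIRECTORY_SEPARATOR . 'articles.php');
    if ($path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed sample tree so the script runs offline.
$baseDir = sys_get_temp_dir() . '/articles_demo_' . getmypid();
mkdir($baseDir . '/news', 0700, true);
file_put_contents($baseDir . '/news/articles.php', '<?php echo "news articles\n";');

// Constructed request values: one valid name, then shapes that must be refused.
$samples = ['news', 'missing', '../news', 'news/../../etc', 'http://example.invalid/x'];
foreach ($samples as $value) {
    $path = resolve_article_path($baseDir, $value);
    if ($path === null) {
        echo "rejected: $value\n";
        continue;
    }
    echo "including for '$value': ";
    include $path;
}

// Clean up the constructed tree.
unlink($baseDir . '/news/articles.php');
rmdir($baseDir . '/news');
rmdir($baseDir);
```

In the page's own script the call would take `$_GET["directory"]` as the second argument and respond with an error page when the result is null.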