Reply to Re: Securing against external URL in INCLUDE


Posted by OmegaJunior on 01/24/07 21:02

On Wed, 24 Jan 2007 21:18:55 +0100, Guffi <privat@pc-care.dk> wrote:

> Hi
>
> The PHP code is like this in the index-file:
>
> include($id);
>
> How can I secure it, so $id does not contain an external link (which could
> do some harm)
> I have tried this: if (stristr($id, 'http') == TRUE) { exit("Hacking - STOP!!"); }
>
> But this test only works in my browser and does not stop from phishing :-(
> Can someone please help me out here !!??
>
>
>
>

How about allowing numeric entry only, and concatenating that with a string of your own? Like so:

$id = $_GET['id'];
if (is_numeric($id)) {
    include('page'.$id);
}

-- 
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
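
A stricter take on the numeric-id idea from this reply, as an added example that is not part of the original thread: the id must be plain digits, and the resolved file must exist inside one fixed directory before it is included. The function name resolve_page(), the temporary pages directory and the page<N>.php naming are assumptions for illustration.

```php
<?php
// Added example. resolve_page(), the pages directory and the page<N>.php
// naming are assumptions for illustration, not from the original thread.

/**
 * Map a request parameter to a file inside $baseDir.
 * Returns the absolute path to include, or null when the id is not acceptable.
 */
function resolve_page($id, string $baseDir): ?string
{
    // Accept 1-4 ASCII digits only. \A and \z anchor the whole string, so a
    // trailing newline is rejected. is_numeric() would also accept forms
    // such as "1e3", "-1", "1.5" and " 1".
    if (!is_string($id) || preg_match('/\A[0-9]{1,4}\z/', $id) !== 1) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves symlinks and returns false for a missing file.
    $path = realpath($base . DIRECTORY_SEPARATOR . 'page' . $id . '.php');
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Demo: a temporary page directory and constructed inputs.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'page1.php', "<?php echo 'page one';\n");

$samples = ['1', '2', '1e3', '-1', ' 1', '1.5', "1\n", '../page1',
            'http://example.invalid/x.txt', 'ftp://example.invalid/x.txt', ['1']];
foreach ($samples as $s) {
    $path = resolve_page($s, $dir);
    printf("%-34s %s\n", json_encode($s, JSON_UNESCAPED_SLASHES),
        $path === null ? 'rejected' : 'include ' . basename($path));
}

unlink($dir . DIRECTORY_SEPARATOR . 'page1.php');
rmdir($dir);
```

In the index file, pass the request value and the real page directory to resolve_page() and call include only when the result is not null.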
