Eduard Grigoryan wrote:
> Hi,
>
> I'm new to PHP and I'd appreciate your advice a lot.
> I'm trying to use dynamic PHP links instead of plain HTML and I'm gonna
> use something like
> this:
> File "index.php":
> story
> about
> if(isset($content)):
> include $content;
> else:
> include "about.htm
Eduard Grigoryan wrote:
Hi,
I'm new to PHP and I'd appreciate your advice a lot.
I'm trying to use dynamic PHP links instead of plain HTML and I'm gonna use
something like
this:
File "index.php":
story
about
But a guy told me it is not preferable to use this method because of security
considerat
Hey,
The reason your pal warned you against that approach is, someone could screw
with your url with something like this:
index.php?content=/etc/httpd/.dbmpasswd
which would include that file if it exists...its a security problem, be
careful and know EXACTLY what you are including/requiring.
-R
3 matches
Mail list logo
