[Coco] OT -- PHP code help needed.
William Astle
lost at l-w.ca
Sun Sep 17 23:07:01 EDT 2006
Dave Kelly wrote:
> I need to pass a variable to a php include statememt.
>
>
> <a href="signup.php?var1=list-PINSS.php&var2=blurb-PINSS.php"><h3>Padre
> Island National Sea Shore</h3></a><br>
>
> to be used in the include statememsts;
>
>> <html>
>> <body>
>> <?php include ($_get["var2"]); ?>
>> <br clear="all">
>> <?php include ($_get["var1"]); ?>
As has already been stated, PHP is case sensitive. In fact, unless you
know specifically elsewise, you should always assume case sensitivity;
then you don't run into this type of issue. And all the "superglobals"
in PHP are upper case ($_GET, $_POST, etc)
That said, the above code is absolutely stupid from the security
perspective. I hope that was just a pared down example for the sake of
asking the question since it would allow me to do something like:
file.php?var2=/etc/passwd
for example. Or include any other file accessible by PHP.
Of course, if you're doing this in a totally trustworthy environment,
you might get away with it.
--
William Astle
finger lost at l-w.ca for further information
Geek Code V3.12: GCS/M/S d- s+:+ !a C++ UL++++$ P++ L+++ !E W++ !N w---
!D !M PS PE V-- Y+ PGP t+@ 5++ X !R tv+@ b+++@ !DI D? G e++ h+ y?
More information about the Coco
mailing list