[Coco] OT -- PHP code help needed.

William Astle lost at l-w.ca
Sun Sep 17 23:07:01 EDT 2006


Dave Kelly wrote:
> I need to pass a variable to a php include statement.
> 
> 
>  <a href="signup.php?var1=list-PINSS.php&var2=blurb-PINSS.php"><h3>Padre 
> Island National Sea Shore</h3></a><br>
> 
> to be used in the include statements;
> 
>> <html>
>> <body>
>> <?php include ($_get["var2"]); ?>
>> <br clear="all">
>> <?php include ($_get["var1"]); ?>

As has already been stated, PHP is case sensitive. In fact, unless you 
know specifically elsewise, you should always assume case sensitivity; 
then you don't run into this type of issue. And all the "superglobals" 
in PHP are upper case ($_GET, $_POST, etc.).

That said, the above code is absolutely stupid from the security 
perspective. I hope that was just a pared down example for the sake of 
asking the question since it would allow me to do something like:

file.php?var2=/etc/passwd

for example. Or include any other file accessible by PHP.

Of course, if you're doing this in a totally trustworthy environment, 
you might get away with it.


-- 
William Astle
finger lost at l-w.ca for further information

Geek Code V3.12: GCS/M/S d- s+:+ !a C++ UL++++$ P++ L+++ !E W++ !N w---
!D !M PS PE V-- Y+ PGP t+@ 5++ X !R tv+@ b+++@ !DI D? G e++ h+ y?
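
The include problem raised in the reply above can be avoided by letting the request carry only a short key that is looked up in a fixed table of file names. The following is an added example, not code from the original thread; the `page` parameter, the `pages` directory, `ALLOWED_PAGES` and `resolve_include()` are hypothetical names, while the two file names are the ones from the quoted link.

```php
<?php
// Added example, not from the original thread. The link becomes
// signup.php?page=PINSS, so the request never carries a file name.
// ALLOWED_PAGES, resolve_include() and the "pages" directory are assumptions.
const ALLOWED_PAGES = [
    'PINSS' => ['list' => 'list-PINSS.php', 'blurb' => 'blurb-PINSS.php'],
];

// Return the absolute path of an allowlisted page part, or null if refused.
function resolve_include($key, string $part, string $baseDir): ?string
{
    // Refuse arrays (?page[]=x) and any key or part missing from the table.
    $file = is_string($key) ? (ALLOWED_PAGES[$key][$part] ?? null) : null;
    if ($file === null) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $file);
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }
    // Defence in depth: the resolved file must still sit inside $baseDir,
    // even if a table entry or a symlink points somewhere else.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

$page  = $_GET['page'] ?? null; // superglobal names are upper case
$blurb = resolve_include($page, 'blurb', __DIR__ . '/pages');
$list  = resolve_include($page, 'list', __DIR__ . '/pages');
if ($blurb === null || $list === null) {
    http_response_code(404);
    exit('Unknown page');
}
?>
<html>
<body>
<?php include $blurb; ?>
<br clear="all">
<?php include $list; ?>
</body>
</html>
```

With this lookup, a request such as `?page=/etc/passwd` matches no table key and gets the 404 response instead of reaching `include`.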


