All geek questions in one place

Hosting a PHP script outside the root site

how will ia) include a php script that is outside the web root (whether it would be easy. /file.php), b) send form data to a php script outside the web root, I am convinced that this is the cornerstone security php.

+4
source share
3 answers

A) if your web root is / www / myapp / public _html, then your public_html / index.php may include scripts outside the root website, doing

require '../includefolder/script.php"

B) You cannot send data directly to scripts outside the root website. The thing is to move them there so that there is no direct access to them; everything should go to them from your available scripts, which are displayed in your web root.

+7
source

including a script, which outside of webroot is easy: you will do the same as for the script, which is under the web root:

 include '../myscript.php'; include '../library/myscript.php'; include dirname(__FILE__) . '/../library/myscript.php';

The one you prefer ;-) I would go for the latter, humanly, though.


Publishing to the script that outside the web court is not possible: the script cannot be serviced by Apache (Apache only does what is inside the root website).

So, the script cannot be accessed via HTTP; which means that it cannot be accessed from the browser.

But if you send a script to PHP that is inside webroot, and that the script includes another that is outside of webroot, then the code in this second file will be executed as the first script. This means that he will have access to the data $_POST - the data entered in the form.

+10
source
  • What is it. Relative paths.
  • If this is related to your previous question (you include this file in), then superglobal variables such as $_POST are available in the included files without any extra effort.
+3
source

Source: https://habr.com/ru/post/1303164/

More articles:


All Articles