PHP include () alternative?

Question

PHP include () alternative?

I want to know if my code is safe and if there are other safer alternatives for including external files.

So this is my sample code, is it safe? How can I make it safer? Thank!

<?php switch($_GET['p']){
   case 'test1':
      include 'test1.php';
      break;
   case 'test2':
      include 'test2.php';
      break;
   case 'test':
                echo 'something';
      include 'pages/test.php';
                echo 'something';
      break;
   default: 
      include 'main.php';
      break; 
} ?>

+3

include php

Adrian M. Apr 11 '10 at 15:38

source share

6 answers

$_GET['p'] . , - , ( ).

, ", ", .

, , p -, , , .

, . - URI , , :)

+1

Tim Post 11 . '10 15:48

, , , , . , , . .

, include require, , -.

0

Arda Xi 11 . '10 15:42

, .

, , , . script, , , , require('filename');.

0

Stomped 11 . '10 15:42

, switch . , $__ POST, , .: D

0

Hanseh 11 . '10 15:45

, :

$safeIncludes = array('test1', 'test2', 'test3');
$p = $_GET['p'];
if(in_array($p, $safeIncludes)) {
    $scriptName = $p . '.php';
    include($scriptName);
}

, , .

-1

karim79 11 . '10 15:43

Yacoby · Accepted Answer · 2010-04-11T15:42:08+0000

You have a good code. There is no problem conditionally, including files, as you do, because the file names are hard-coded. The problem occurs when the included file is based on an unsuccessful value from the user. for instance

include $_GET['p'];

Which may include everything that the user wants (depending on the PHP settings, he may also include files in other domains)

Other options are options for what you are doing.

require require_once , . inlucde_once require_once , , , .

include_once 'myfile.php';
include_once 'myfile.php'; //does nothing as the file is already included

, . , , .

PHP include () alternative?

More articles: