-1
I have this code to change page
require_once(basename(($_GET[''page'']!='''' ? $_GET[''page''] : ''home'') . ''.php''));
I would like it to take the files from a specific page type /inc/pages...
-1
I have this code to change page
require_once(basename(($_GET[''page'']!='''' ? $_GET[''page''] : ''home'') . ''.php''));
I would like it to take the files from a specific page type /inc/pages...
0
The problem is that you must be trying to access files and directories that the Web server does not see, mainly for security reasons. If the default directory to deploy files is /var/www
for example, only this directory down will be visible to the server. You will never be able to load anything from /inc/pages
, unless you move /inc/pages
into /var/www
.
Browser other questions tagged php
You are not signed in. Login or sign up in order to post.
this may be the most insecure code I’ve ever seen posted here.
– Maniero
But, what happens? Make a mistake? Doesn’t it work? Please specify your question better so that we can help you.
– William Aparecido Brandino
Good if it is not safe show me a safe. It works yes, but I need one to take the files from another folder. It is for the page change
– Ygor Leal
It works, but I need it to get pages from other folders like /inc/pages/ I want the files to stay there and not in the main folder.
– Ygor Leal
The safe solution is to have a list of which pages are valid, and check if what the user has been through is on that list. Because the way it is, someone malicious will be able to run any PHP that exists in the project (and maybe even any PHP that exists on the server).
– bfavaretto
@Maniero only "no" is insecure because it does not perform - syntax error
– Guilherme Nascimento