secure $_GET

Out of context: Reply #2


    Dude, that's really insecure. Someone who knows the location of the pages could include any file on your server, so DON'T post any links here. Your condition only checks for the variable to be NOT empty.

    To make it more secure, you should check for known values of 'c'.

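    i.e.
    // Read the page parameter; an empty string matches no case below
    $myVar = isset($_GET['c']) ? $_GET['c'] : '';

    // Only the values listed here ever reach include()
    switch ($myVar) {
        case 'home':
            include("home.php");
            break;

        case 'about':
            include("about.php");
            break;
    }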

    Add in extra 'cases' where you know the value and the file to include.

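The allowlist idea from the reply above, as an added example that is not part of the original post: a lookup table in place of the switch, which also rejects array input and unknown values. The function name `resolvePage`, the `PAGES` table and the sample requests are constructed for illustration.

```php
<?php
// Added example: allowlist lookup for the 'c' page parameter.
// PAGES and resolvePage() are hypothetical names, not from the original thread.

const PAGES = [
    'home'  => 'home.php',
    'about' => 'about.php',
];

/**
 * Return the file to include for a request, or null if 'c' is not allowlisted.
 * The request value is only ever used as an array key, never as part of a path.
 */
function resolvePage(array $query): ?string
{
    $c = $query['c'] ?? 'home';   // missing parameter falls back to the home page

    // ?c[]=x arrives as an array; reject anything that is not a plain string
    if (!is_string($c)) {
        return null;
    }

    // Exact key match only; unknown values yield null
    return PAGES[$c] ?? null;
}

// Constructed sample requests
$samples = [
    ['c' => 'home'],
    ['c' => 'about'],
    [],
    ['c' => '../config'],
    ['c' => ['home']],
    ['c' => 'home.php'],
];

foreach ($samples as $query) {
    $file = resolvePage($query);
    $label = json_encode($query, JSON_UNESCAPED_SLASHES);
    printf("%-22s => %s\n", $label, $file ?? '404 (not allowlisted)');
}

// In the page handler itself:
// $file = resolvePage($_GET);
// if ($file === null) { http_response_code(404); exit; }
// include __DIR__ . '/' . $file;
```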