Source Rally PHP Community Scripts .. Sign up .. Login
this is another way to receive the url param
Access: Public      Tags:
Add to favourites       Subscribe comments       Copy code       Bookmark
<?                   //index.php?pg=filename             //.inc 
        if($_GET['pg']) {
            if(file_exists($_GET['pg'].".inc")) {
                require_once($_GET['pg'].".inc");
            }else{
                echo "Script not found";
            }
        }else{
                 echo "the default page to show";
            }
  ?>
Add to favourites       Subscribe comments       Copy code       Bookmark
Sign up to add your own comment here!

Comments

neptho - 15-09-2007 00:30
Add to friends       Mail user
This is not a good idea. Even with the '.inc' append, you are not sanitizing your variables.. and by using require_once() instead of file(), malicious XSS is trivial.
More comments: 1
Shared by:

hany_sarhan

Mail user Add to friends
All user contributed content is available under the LGPL unless specified otherwise.
Remaining copyrights Regin Gaarsmand © 2006-2008
About SourceRally.net
Programador PHP