@SheldonNov 30.2005 — #Yes, What are you saying by that?
What point or question are you asking?
That is not deffinitly a secutriy issue.
To continue on your emaples by showing it can be secure. [code=php] <?php //a link to your page // <a href="/index.php?page=toplisek">View info about Toplisek</a>
//and the code to return from that query string. $page = $_GET['action']; //so $page = "toplisek"
if (isset ($page)) // i.e. is the page refered to by the query string { include ($page); //it is! so include the page } // in this case it will call the main page from "/toplisek/index.html/php //of course to close any security holes you would use an else else { print 'Page not found'; }
?> [/code]
And you didnt answer my question in the first post?
@NogDogNov 30.2005 — #If you just include any file the user asks for, then yes, it could be a security hole (e.g.: include "/usr/passwd/" would not be a good idea). In such a case, you either need to check the requested file against a list of allowed files before including it or refusing the request, or perhaps only allowing requests from specific directories.
@bokehNov 30.2005 — #open a file based on user input without checking it first.[/QUOTE]What are you doing that would necessitate files to be opened based on user input?
@SheldonDec 01.2005 — #Thanks Sheldon. You are very kind. I have worked many years with HTML and now PHP.
If you want to learn you have to do it practical with coding not only manual.[/QUOTE]
Good on you, If yoiu have worked many years with html your doing better than me, I only started a couple of years ago.
Have you got a live website where one can view your work?I hope it will be in one year. But I will start with simple pages. That is the reason why I send questions.[/quote][/quote] Do you have many examples of your practical coding? If you have been working with html for so long you must have an online example.
@bokehDec 01.2005 — #I can not show public my work. Sorry Sheldon. I have worked already on my site 3 months.[/QUOTE]What's the big secret? He is only asking to have a look at a website you have built.
@SheldonDec 01.2005 — #if you go to http://www.slweb.co.nz/portfolio.php you can see mine, i can even give you a few address that arnt on there, its no big secret. In fact thats why i have learn all this, to see and show what i can do.
@SheldonDec 01.2005 — #Juat got home, bit blury, big night tomorrow, Am shaving off the beard. If i do i get $200 bar tab, Ill post a photo of before and after tomorroe morning.