
Simple security question: PHP Includes

My sample index.php

include 'class.php';
$x = new class;
include $_GET['page'].'.php'; //checks if isset file_exists and in_array of valid file names before including;

I want to make sure the page being included can't be accessed directly. Below are some examples of code I'm placing on the first line of code on the files that are being included within index.php.

I've tried: (if not being included within index.php die)

if($_SERVER['SCRIPT_NAME']!='/index.php') die;

and (if the class that's defined in the index is not set die);

if(!isset($x)) die;

What's your favorite way to make pages being included within php inaccessible when viewed directly?


define() and defined().

Or just put them outside of the document root.


if($_SERVER['SCRIPT_FILENAME'] == __FILE__) {
    die("Go Away");
}

Sorry, updated it to be right.
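The define()/defined() guard from the first answer combined with the allow-list check the question mentions, as an added example that is not code from any of the posts above. The constant name IN_APP, the function resolve_page, the file about.php and the temp directory (standing in for a folder outside the document root) are assumptions; run it from the PHP CLI, where shell_exec simulates a direct request to the included file.

```php
<?php
declare(strict_types=1);

// Constructed sample: a temp directory stands in for a folder outside the document root.
$pageDir = sys_get_temp_dir() . '/pages_' . bin2hex(random_bytes(4));
mkdir($pageDir, 0700);
// First statement of every includable file is the guard (IN_APP is a hypothetical name).
$guarded = "<?php\ndefined('IN_APP') || exit('Go Away');\nreturn 'about page body';\n";
file_put_contents($pageDir . '/about.php', $guarded);

// Allow-list: request value => file name. Request data is only ever used as an array key,
// so it never becomes part of the path handed to include/require.
$pages = ['about' => 'about.php'];

function resolve_page(string $dir, array $pages, $requested): ?string
{
    if (!is_string($requested) || !array_key_exists($requested, $pages)) {
        return null;                       // arrays, unknown names, path fragments
    }
    $path = $dir . '/' . $pages[$requested];
    return is_file($path) ? $path : null;
}

// 1) Direct execution: IN_APP is undefined in the child process, so the guard exits.
$cmd = escapeshellarg(PHP_BINARY) . ' ' . escapeshellarg($pageDir . '/about.php');
echo 'direct: ', shell_exec($cmd), "\n";

// 2) Through the front controller: the constant is defined before any include.
define('IN_APP', true);
foreach (['about', 'about.php', '../config', ['about']] as $requested) {   // constructed inputs
    $path = resolve_page($pageDir, $pages, $requested);
    $result = $path === null ? '404' : (require $path);
    echo json_encode($requested, JSON_UNESCAPED_SLASHES), ' => ', $result, "\n";
}

// Clean up the constructed sample.
unlink($pageDir . '/about.php');
rmdir($pageDir);
```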
