DZone Snippets is a public source code repository. Easily build up your personal collection of code snippets, categorize them with tags / keywords, and share them with the world

Snippets has posted 5883 posts at DZone. View Full User Profile

Everyday Php

03.24.2006
| 835 views |
  • submit to reddit
        // variable output

<?php print $_GET["var output"]; ?>

// variable includes

<?php include ($_GET["var name"] . '.html'); ?>
    

Comments

Snippets Manager replied on Wed, 2006/01/04 - 1:21pm

<?= $_GET["var_output]; ?>

Snippets Manager replied on Wed, 2006/01/04 - 1:21pm

This opens a major security hole. What will happen if var_name is, say "/etc/passwd"+NULL ? Never trust the client.