if (file_exists("pages/$page.php")) {
include($page.'.php');
}
Is this safe?
By safe I mean that you can't include remote scripts, etc.
The code you posted has a typo, I believe. It should be:
if (file_exists("pages/$page.php")) {
include("pages/$page.php");
}
It does, however, lead to code injection and, if PHP settings allow it, remote file inclusion.
You need to make sure the page that you include cannot be any arbitrary page.
Usually you'll see this type of code in a "Loader" class employing the Factory Method; however, in good implementations it restricts the files and classes it will load to a certain directory, or to a certain predefined set of files.
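The two restrictions the answer describes (a predefined set of files, and confinement to one directory), combined in one resolver. This is an added example, not part of the original answer; the function name `resolve_page`, the page names and the temporary directory are assumptions, and the inputs are constructed.

```php
<?php
/**
 * Map a user-supplied page name to a file inside $baseDir, or return null.
 * Hypothetical helper: not from the original post.
 */
function resolve_page(string $page, string $baseDir, array $allowed): ?string
{
    // 1. Predefined set: only names the developer listed are accepted.
    //    Strict comparison avoids loose-typing matches.
    if (!in_array($page, $allowed, true)) {
        return null;
    }

    // 2. Directory restriction (defence in depth): canonicalise the path and
    //    confirm it is still under the base directory. realpath() returns
    //    false for files that do not exist.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $page . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a throwaway pages directory containing one page.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_demo_' . getmypid();
mkdir($dir);
file_put_contents("$dir/home.php", "<?php echo \"home page\\n\";");

$allowed = ['home', 'about'];   // 'about' is listed but has no file on disk
$inputs  = ['home', '../secret', 'http://example.com/remote', "home\0", 'about'];

foreach ($inputs as $input) {
    $file = resolve_page($input, $dir, $allowed);
    printf("%-30s => %s\n", json_encode($input),
        $file === null ? 'rejected' : 'include ' . basename($file));
    if ($file !== null) {
        include $file;          // only ever reached with a vetted path
    }
}

// Clean up the demo directory.
unlink("$dir/home.php");
rmdir($dir);
```

Only `home` is included; the relative path, the URL, the name with a trailing NUL byte and the allowlisted-but-missing `about` are all rejected before `include` is reached.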