PHP Developers Network
http://forums.devnetwork.net/

Proper Includes via $_GET
http://forums.devnetwork.net/viewtopic.php?f=34&t=36850
Page 4 of 4

Author:  mabufo [ Sat Jul 07, 2007 9:41 pm ]
Post subject: 


Author:  feyd [ Sat Jul 07, 2007 9:44 pm ]
Post subject: 


Author:  mabufo [ Sat Jul 07, 2007 9:54 pm ]
Post subject: 


Author:  feyd [ Sat Jul 07, 2007 9:59 pm ]
Post subject: 


Author:  Charles256 [ Sat Jul 07, 2007 10:13 pm ]
Post subject: 


Author:  superdezign [ Sat Jul 07, 2007 10:21 pm ]
Post subject: 

I felt I'd need to say this long ago before you edited the post directly after feyd's first answer, but it looks like I'll need to say it now.

We don't get paid to help you. In fact, if your question doesn't cause us to learn anything new, we get nothing at all out of it. If you're willing to spend money, someone will do the work for you. However, we're not ones to be taken advantage of, and it is one of the reasons that I love this forum. Other forums pressure you to "work" for the people who ask questions (regardless of how rude they may be).

Also, no, I don't mind if you PM me. However, I do mind if you PM me with questions. Your message has been ignored. That's what the forums are for.

Author:  mabufo [ Sat Jul 07, 2007 11:15 pm ]
Post subject: 

I'm not asking you do design a commercial website for me, I'm not asking you to code me a cms. I was merely asking on how to secure my php include calls. I'm not trying to take advantage of you by asking for code snippets, that's not what I'm here for. If I came off like that, I am sorry. I suppose in the world of web design code snippets go a long way, to tell the truth, I wouldn't know. I suppose I understand where the monetary issue comes into play, but all I want to learn is how to do it for myself, and the way I can do that, personally, is by example, and an example was the only thing I was looking for.

I don't always know what you guys are talking about when you reply to my question. I think the trouble is the assumption that I do. I'm clearly not an experience php coder, so I hardly ever know what to make of some posts - so it would help if you all weren't so vague all the time. Giving me cryptic messages in hope that I'll do some searching on my own really doesn't help me solve my problem. I post here because I don't know what to look for, and the fact that all I get back is you all telling me to search again is really discouraging. I can understand you guys not want to be pressured into having to post code examples or whatever, but I'm not forcing you. But, a shove in the right direction should be a little more than telling me to search for something (functions excluded), because more than half the time, I have no idea what I should be searching for. I'm not familiar with the web-dev lingo.

Also, superdezign, I was just trying to clarify on the post you made in my other recent thread, and I meant no harm. I suppose I didn;t want to run the risk of making a complete ass of myself... but looks like I've done that anyway. I'll make a new topic about my design theory problem, if that would suit everyone.

Regardless, I don't mean to come off as a 'gotta have it now' smurf. I'm willing to learn for myself and all of that, I assure you. However, in contrast with my forum join date, I am really a novice at this stuff, so a little compassion would go a long way. They don't call these forum communities for nothing.

Author:  vigge89 [ Sun Jul 08, 2007 6:34 am ]
Post subject: 

If you're new to using databases, I suggest checking out one or more of the many 'beginner MySQL' tutorials on the net. I'm afraid I don't have any specific links lying around but there should be many listed on google ;)
When you've got the basics it's not much harder than populating a table in the database with different pages (id, page name, php script responsible, etc.) and then doing a SQL SELECT-query with PHP to retrieve the page whose id has the one $_GET['page'] contains (after cleaning the input up or validating it).

Author:  Bluewind [ Sat Jul 26, 2008 2:33 am ]
Post subject:  Re: Proper Includes via $_GET


Author:  Mordred [ Sat Jul 26, 2008 3:45 am ]
Post subject:  Re: Proper Includes via $_GET


Author:  Bluewind [ Sat Jul 26, 2008 4:30 am ]
Post subject:  Re: Proper Includes via $_GET


Author:  Mordred [ Sun Jul 27, 2008 1:05 pm ]
Post subject:  Re: Proper Includes via $_GET

Which script? I'm not sure you're understanding the method. The attacker-provided backdoored jpg is stored in a secret location. It accessible through a proxy script only, but still visible from the web as backdoor.jpg. In htdocs/backdoor.jpg on the server there's nothing though, so it can't be LFI-ed.

Author:  feyd [ Fri Aug 01, 2008 10:40 am ]
Post subject:  Re: Proper Includes via $_GET

This thread was dead a year before resurrection…

Author:  Mordred [ Fri Aug 01, 2008 11:22 am ]
Post subject:  Re: Proper Includes via $_GET

Huh, yeah.

Welcome back btw :)

Author:  benanamen [ Mon Nov 16, 2015 11:10 am ]
Post subject:  Re:


Page 4 of 4 All times are UTC - 5 hours
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/