Php 在include链接中添加$\u GET变量
如何在我的include链接中添加$\u GET变量的内容Php 在include链接中添加$\u GET变量,php,get,Php,Get,如何在我的include链接中添加$\u GET变量的内容 <?php $variable = $_GET['variable']; ?> 此处放置了我的变量: <?php include 'includes/link_(variable placed here).php'; ?> 只需使用: 仅供参考,这是一个很好的例子。您应该在使用该值之前对其进行清理和验证。您只需将其作为字符串使用即可: include 'includes/link_'.$var
<?php $variable = $_GET['variable']; ?>
<?php
include 'includes/link_(variable placed here).php';
?>
仅供参考,这是一个很好的例子。您应该在使用该值之前对其进行清理和验证。您只需将其作为字符串使用即可:
include 'includes/link_'.$variable;
在基于用户输入的代码中尝试使用include时要小心。麻烦,沸腾,冒泡 它可以像任何其他字符串一样连接:
include 'includes/link_' .$variable;
<?php
/* This example assumes that www.example.com is configured to parse .php
* files and not .txt files. Also, 'Works' here means that the variables
* $foo and $bar are available within the included file. */
// Won't work; file.txt wasn't handled by www.example.com as PHP
include 'http://www.example.com/file.txt?foo=1&bar=2';
// Won't work; looks for a file named 'file.php?foo=1&bar=2' on the
// local filesystem.
include 'file.php?foo=1&bar=2';
// Works.
include 'http://www.example.com/file.php?foo=1&bar=2';
$foo = 1;
$bar = 2;
include 'file.txt'; // Works.
include 'file.php'; // Works.
?>
为什么存在安全风险??有人可以将任意文件路径作为变量传递,这可能会导致脚本下载恶意代码。
<?php
/* This example assumes that www.example.com is configured to parse .php
* files and not .txt files. Also, 'Works' here means that the variables
* $foo and $bar are available within the included file. */
// Won't work; file.txt wasn't handled by www.example.com as PHP
include 'http://www.example.com/file.txt?foo=1&bar=2';
// Won't work; looks for a file named 'file.php?foo=1&bar=2' on the
// local filesystem.
include 'file.php?foo=1&bar=2';
// Works.
include 'http://www.example.com/file.php?foo=1&bar=2';
$foo = 1;
$bar = 2;
include 'file.txt'; // Works.
include 'file.php'; // Works.
?>