GoFuckYourself.com - Adult Webmaster Forum - View Single Post - Simple PHP Include Question... Help Please

raymor · 12-03-2011, 08:31 PM

Btw be very, very careful if there are any variables in the path or especially a URL. The bad guys can be very tricky about sneaking stuff into variables so you end up executing whatever they put at http://hacker.com/yourfucked.php?you.com/yourscript.php

Also you said "it doesn't work". What does the error log tell you about WHY it didn't work? When you say "it doesn't work", the second half of that sentence is the important part - it doesn't work and the error log says that's because ...

The very important message in the error log assumes you don't prefix the statement with "@" as you sometimes see people do. "@" means "when this fails don't tell me why and don't stop processing, just keep going as pretending it worked, without telling me what's wrong". It could be useful if you know that the statement is SUPPOSED to fail sometimes.

12-03-2011, 08:31 PM
raymor Confirmed User Join Date: Oct 2002 Posts: 3,745	Btw be very, very careful if there are any variables in the path or especially a URL. The bad guys can be very tricky about sneaking stuff into variables so you end up executing whatever they put at http://hacker.com/yourfucked.php?you.com/yourscript.php Also you said "it doesn't work". What does the error log tell you about WHY it didn't work? When you say "it doesn't work", the second half of that sentence is the important part - it doesn't work and the error log says that's because ... The very important message in the error log assumes you don't prefix the statement with "@" as you sometimes see people do. "@" means "when this fails don't tell me why and don't stop processing, just keep going as pretending it worked, without telling me what's wrong". It could be useful if you know that the statement is SUPPOSED to fail sometimes. Last edited by raymor; 12-03-2011 at 08:36 PM..