Hey, The reason your pal warned you against that approach is, someone could screw with your url with something like this: index.php?content=/etc/httpd/.dbmpasswd which would include that file if it exists...its a security problem, be careful and know EXACTLY what you are including/requiring. -Ryan On 2/12/2005 10:33:10 AM, Eduard Grigoryan (edik_g@xxxxxxxxxx) wrote: > Hi, > > > > I'm new to PHP and I'd appreciate your advice a lot. > > I'm trying to use dynamic PHP links instead of plain HTML and I'm gonna > use something like > > this: > > File "index.php": > > <? > > <a href=index.php?content=story.htm>story</a><br> > > <a href=index.php?content=about.htm>about</a><br> > > <? > > if(isset($content)): > > include $content; > > else: > > include "about.htm"; > > endif; > > ?> > > > > But a guy told me it is not preferable to use this method because of > security considerations. > > I'm sure there is a common way of building dynamic links; am I on wrong way? > > Any help would be appreciated. > > Thank you in advance > > > > Best regards, > Eduard Grigoryan > > ************************* > Armenian Freenet Catalog > http://freenet.am/~edik_g > http://armfn.net/~edik_g > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.8.7 - Release Date: 2/10/2005 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
