This used to work with PHP 5 - but now it doesn't work in PHP 4.
I have a varible in the address bar - $p, which is the name of a page I want to include.
[syntax="php"]include ($p.".php");[/syntax]
any hints?
[syntax="php"]include($_GET['p'].".php");[/syntax]
thats always the preferred method. i didnt know they made it the only method in php5. but itb maes sense.
It's a potential security hole for those who don't know what they're doing (and besides, registering variables is just annoying for an experience programmer).
Eno: That's a *huge* security hole you got there: What happens if I pass a path to a script I shouldn't access in variable $p? eg:
http://yoursite.com/?p=/home/eno_on/www/...ash_db.php
Make very sure you strip out all / characters from a url, and make double sure any script that shouldn't be run by the public gets authentication first.
Will stripslashes() work?