I started to learn PHP and MySQL last winter and built two websites with the newly gained knowledge.
Now I have problems with remote file inclusions on both websites (both located on different servers).
I read [en.wikipedia.org...] and some of the posts here, yet still don't really know how and where to start with securing my code.
Are there any web tutorials you could point me to where I could learn how to secure my PHP code against attackers?
if ($_GET["a"] == "one")
else if ($_GET["a"] == "two")
is also safe
is not safe, because they can send anything in that textbox1 variable, and include anything they want.
$content = $_REQUEST['content'];
$nextpage = $content . ".inc.php";
After reading your post, Vis3R, this seems to be the weak part of my websites, because "they can send anything in that 'content' variable"?
Is this correct?
The solution for a beginner would then be to code the pages more statically, with clearly defined include files?
I also note you are using one of the alternative methods for invoking PHP. Although there is really nothing wrong with using that format you may want to reconsider and use the more common format, <?php
Details: Basic syntax [php.net]
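The fix discussed in this thread, written out as an added example that is not part of any post: the 'content' request value is used only as a key into a fixed list of include files, so nothing the visitor sends ends up in the include path. The page names, the pages/ directory and the function name resolve_page are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Page names, the pages/
// directory and resolve_page() are hypothetical.

// Accepted 'content' values mapped to fixed include files.
const PAGES = [
    'home'    => 'home.inc.php',
    'about'   => 'about.inc.php',
    'contact' => 'contact.inc.php',
];
const DEFAULT_PAGE = 'home';

/**
 * Turn a request value into an include path.
 * The request value is only compared against the keys of PAGES;
 * the path itself is built entirely from constants.
 */
function resolve_page($requested): string
{
    // Missing values, arrays (?content[]=x) and unknown names
    // all fall back to the default page.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        $requested = DEFAULT_PAGE;
    }
    return __DIR__ . '/pages/' . PAGES[$requested];
}

// Pattern from the thread, for comparison. Here the visitor's input
// becomes part of the file name:
//   $content  = $_REQUEST['content'];
//   $nextpage = $content . ".inc.php";

// Hardened form: same variable name, but the value comes from the list.
// $_GET is read instead of $_REQUEST so cookies and POST data cannot
// supply the parameter.
$nextpage = resolve_page($_GET['content'] ?? null);

if (is_file($nextpage)) {
    include $nextpage;
} else {
    // A listed page whose file is missing on disk.
    http_response_code(404);
    echo 'Page not found';
}
```

Setting allow_url_include = Off in php.ini (the default since PHP 5.2) stops include from fetching remote URLs, but it does not stop local paths from being chosen by the visitor, so the fixed list is still needed.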