Home  >  Article  >  Backend Development  >  Introduction to file name manipulation

Introduction to file name manipulation

巴扎黑
巴扎黑Original
2017-06-14 13:59:411257browse

File name manipulation Dynamic inclusion is used in many situations, where part of the directory name or file name is saved in a variable. For example, you can cache some of your dynamic pages to reduce the load on your database server. To make this vulnerability more obvious, $_GET is used in the example. This vulnerability also exists if you use contaminated data. Using $_GET['username'] is an extreme example through which the problem can be seen more clearly.​ While the above flow has its advantages, it also provides an attacker with an opportunity to freely choose to cache pages. For example, a user can easily edit the value of username in the URL

1. PHP Security-File Name Manipulation

Introduction to file name manipulation

Introduction: File name manipulation In many cases, dynamic inclusion is used, and part of the directory name or file name is saved in a variable. For example, you can cache some of your dynamic pages to reduce the load on your database server. ...

【Related Q&A recommendations】:

The above is the detailed content of Introduction to file name manipulation. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn