Home > Article > Backend Development > Introduction to file name manipulation
File name manipulation Dynamic inclusion is used in many situations, where part of the directory name or file name is saved in a variable. For example, you can cache some of your dynamic pages to reduce the load on your database server. To make this vulnerability more obvious, $_GET is used in the example. This vulnerability also exists if you use contaminated data. Using $_GET['username'] is an extreme example through which the problem can be seen more clearly. While the above flow has its advantages, it also provides an attacker with an opportunity to freely choose to cache pages. For example, a user can easily edit the value of username in the URL
1. PHP Security-File Name Manipulation
Introduction: File name manipulation In many cases, dynamic inclusion is used, and part of the directory name or file name is saved in a variable. For example, you can cache some of your dynamic pages to reduce the load on your database server. ...
【Related Q&A recommendations】:
The above is the detailed content of Introduction to file name manipulation. For more information, please follow other related articles on the PHP Chinese website!