Introduction to file name manipulation

File name manipulation Dynamic inclusion is used in many situations, where part of the directory name or file name is saved in a variable. For example, you can cache some of your dynamic pages to reduce the load on your database server. To make this vulnerability more obvious, $_GET is used in the example. This vulnerability also exists if you use contaminated data. Using $_GET['username'] is an extreme example through which the problem can be seen more clearly.​ While the above flow has its advantages, it also provides an attacker with an opportunity to freely choose to cache pages. For example, a user can easily edit the value of username in the URL

1. PHP Security-File Name Manipulation

Introduction: File name manipulation In many cases, dynamic inclusion is used, and part of the directory name or file name is saved in a variable. For example, you can cache some of your dynamic pages to reduce the load on your database server. ...

【Related Q&A recommendations】:

The above is the detailed content of Introduction to file name manipulation. For more information, please follow other related articles on the PHP Chinese website!