问题描述

我将如何a)在网络根目录之外包含一个php脚本(真的只是一个简单的../file.php文件)，b)将表格数据发布到网络根目录之外的一个php脚本中.我被认为这是php安全的基石.

how would i a)include a php script that is outside the web root (would it really be just a simple ../file.php), b)post form data to a php script outside the web root. I'm led to believe this is a corner stone to php security.

推荐答案

A)如果您的Web根目录是/www/myapp/public_html，则您的public_html/index.php可以通过这样做在Web根目录之外包含脚本

A) if your web root is /www/myapp/public_html then your public_html/index.php could include scripts outside the web root by doing

require '../includefolder/script.php"

B)您不能将数据直接发布到Web根目录之外的脚本.将它们移到那里的整个要点是，这样就无法直接访问它们.一切都必须从Web根目录中公开的可访问脚本传递给他们.

B) You can't post data directly to scripts outside the web root. The whole point of moving them there is so that there is no direct access to them; everything must pass along to them from your accessible scripts which are exposed in your web root.

这篇关于将PHP脚本放置在网站根目录之外的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！