I am wondering, there are a few files I have kept outside of the root directory in a different directory and I am trying to use an HTML form to post info to a PHP file that s
On my website, I start every form with this code:
This avoids the need for multiple proxy scripts because action.php will use the value of the hidden field to determine which PHP file should be called. Don't call the hidden field action if you post the form using Ajax because it can cause a conflict. Also, I have set the .htaccess file to remove the php extension, so you may need to add .php to action in your HTML code.
Here is action.php:
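// Dispatch only when the hidden i-action field was posted.
if (!empty($_POST['i-action']))
{
    // Strip dots and slashes from the posted name.
    $action = str_replace('.', '', $_POST['i-action']);
    $action = str_replace('/', '', $action);
    // Include the handler only if it exists in the private directory.
    if (file_exists("../secret/directory/structure/$action".'.php'))
        require_once("../secret/directory/structure/$action".'.php');
}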
I used str_replace to ensure hackers can't traverse to a different directory.
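An allow-list variant of the dispatcher described above, as an added example that is not part of the original post: instead of stripping characters from the posted value, it accepts only names from a fixed list and confirms the resolved file sits inside the handler directory. The handler names in `ALLOWED_ACTIONS`, the `resolve_action` helper and the use of PHP 8 are assumptions made for illustration.

```php
<?php
// Added example, not the original poster's code.
// Assumed: PHP 8+, and the handler names listed in ALLOWED_ACTIONS.
declare(strict_types=1);

const HANDLER_DIR = __DIR__ . '/../secret/directory/structure';
const ALLOWED_ACTIONS = ['contact', 'newsletter-signup']; // hypothetical handlers

/**
 * Map the posted i-action value to a handler file path, or null if rejected.
 */
function resolve_action(mixed $raw, string $dir, array $allowed): ?string
{
    // Arrays (i-action[]=x) and other non-strings are rejected outright.
    if (!is_string($raw)) {
        return null;
    }
    // Strict allow-list match: nothing outside the list reaches the filesystem.
    if (!in_array($raw, $allowed, true)) {
        return null;
    }
    $base = realpath($dir);
    $path = realpath($dir . '/' . $raw . '.php');
    if ($base === false || $path === false) {
        return null; // handler directory or handler file is missing
    }
    // Containment check: catches a symlinked handler that points elsewhere.
    if (!str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $handler = resolve_action($_POST['i-action'] ?? null, HANDLER_DIR, ALLOWED_ACTIONS);
    if ($handler === null) {
        http_response_code(400);
        exit('Unknown action');
    }
    require_once $handler;
}
```

Adding a new form then means adding its handler name to the list, so a posted value can never select a file that was not deliberately exposed.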