> > It could be what I was typing in the url bar. > > > > file.php?file=foobar.inc > > 1) Try include $_GET['file']; > > 2) Let me know where your server is so I can go to > > http://your.server/file.php?file=/etc/passwd > > miguel
You might want to use .php file extension and /include/ directory to prevent Miquel stealing your pressious passwords :)) <snip> file.php?file=inc.foobar.php ------------------------- include("include/$file"); </snip> Just a thought :))) Teemu -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php