So i’m getting into security problems right now, and i want to know what

Question

0

Asked: June 12, 20262026-06-12T09:15:42+00:00 2026-06-12T09:15:42+00:00

So i’m getting into security problems right now, and i want to know what

0

So i’m getting into security problems right now, and i want to know what is the perfect approach in making scripts safe. I have somewhere in my code this

$AdditionalPath = preg_replace("/^[A-Za-z0-9._-\/\\]/","",$AdditionalPath);
require $AdditionalPath."../xdata/php/website_config/mysql.php";

$AdditionalPath may be everything, even a malicious code, so i tough to myself that i should let certain characters into that variable, like A-Z a-z 0-9 . / \ . I’m i correct? And also did i made this regex correctly?

Thanks!

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-12T09:15:43+00:00

Editorial Team

2026-06-12T09:15:43+00:00Added an answer on June 12, 2026 at 9:15 am

Why not use realpath instead of a regex:

$file = realpath( $AdditionalPath . "../xdata/php/website_config/mysql.php");
if( is_readable( $file ))
  require $file;

Update:

From the documentation of realpath:

Note: The running script must have executable permissions on all
directories in the hierarchy, otherwise realpath() will return FALSE.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

So i’m getting into security problems right now, and i want to know what

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply