PHP Include() function question!

superwormy

Is there a way to limit the directories from where the include () function can grab from?

ie, if I give the user any control over what file gets included, theres a chance that they might try to include something like:

../../my.cnf or ../../../boot.ini

etc. etc. which could give away some information the user should never know...

Is there a way to ensure that include() can only include from a certain directory? Or that it canNOT include from below a certain directory level?

Thanks!

eoghain

Not really. You need to rely on your systems security. As long as the web server user can't access the files that you don't want accessed then php won't be able to access them either.