I'm looking for some simple code to ensure that a $variable read from the URL originates on my site.
Example URL:
http://mysite.com/page.php?variable=1
I want code that prevents someone from calling a file from another site, for example:
...mysite.com/page.php?variable=http://badsite.com/file.exe
check your input with regular expressions or stristr.
--FrosT
file_exists() only works on local resources and network shares, so may do the trick. check with file_exists() and fail if it fails.
Great idea -- that works. Thanks.
