What are the potential security risks of using $_GET to pass CSS file names in PHP?

Using $_GET to pass CSS file names in PHP can pose security risks such as allowing for directory traversal attacks or injection of malicious code. To mitigate these risks, it is recommended to validate and sanitize the input before using it to include the CSS file.

$css_file = isset($_GET[&#039;css_file&#039;]) ? basename($_GET[&#039;css_file&#039;]) : &#039;default.css&#039;;
$css_file_path = &#039;css/&#039; . $css_file;

// Validate and sanitize the input
if (!file_exists($css_file_path)) {
    $css_file = &#039;default.css&#039;;
}

// Include the CSS file
echo &#039;&lt;link rel=&quot;stylesheet&quot; type=&quot;text/css&quot; href=&quot;&#039; . $css_file_path . &#039;&quot;&gt;&#039;;

Keywords

$_GET security risks CSS file names PHP

What are the potential security risks of using $_GET to pass CSS file names in PHP?

Keywords

Related Questions