Last Updated: February 25, 2016

phpinfo() the right way!

This is how to secure any file that calls phpinfo() function. If the developer passes a get parameter to the script with a correct value he will see the server environment information, otherwise respond with a 404 error not found.

<?php
if(isset($_GET['phpinfo']) && $_GET['phpinfo'] == 'true'){
    phpinfo();
}else{
    header("HTTP/1.0 404 Not Found");
}

Written by Alex Goretoy

Say Thanks

Respond

Related protips

HTML5 Mobile Device Camera Access

356.6K

Pretty print array php

285.3K

Laravel's .htaccess to remove "public" from URL

243.9K

2 Responses

Add your response

hippyjim

Interesting idea, but it might be a bit safer to lock it down based on IP or hostname rather than a simple flag.

Or better still - only allow the script to be run on localhost.

Or better...don't have the script on your public facing server at all!

over 1 year ago ·

gxela

Very good points and nice elaboration, thanks

over 1 year ago ·

Have a fresh tip? Share with Coderwall community!

Best #Php Authors

469.4K

356.6K

285.2K

hnordt

243.9K

239.3K

Related Tags

Awesome Job

Post a job for only $299

#native_title# #native_desc#

#native_cta#

phpinfo() the right way!

Written by Alex Goretoy

Related protips

HTML5 Mobile Device Camera Access

Pretty print array php

Laravel's .htaccess to remove "public" from URL

2 Responses Add your response

Have a fresh tip? Share with Coderwall community!

2 Responses

Add your response