Last Updated: February 25, 2016

phpinfo() the right way!

This is how to secure any file that calls phpinfo() function. If the developer passes a get parameter to the script with a correct value he will see the server environment information, otherwise respond with a 404 error not found.

<?php
if(isset($_GET['phpinfo']) && $_GET['phpinfo'] == 'true'){
    phpinfo();
}else{
    header("HTTP/1.0 404 Not Found");
}

Written by Alex Goretoy

Say Thanks

Respond

Related protips

HTML5 Mobile Device Camera Access

341.4K

Pretty print array php

272.3K

Laravel's .htaccess to remove "public" from URL

242K

2 Responses

Add your response

hippyjim

Interesting idea, but it might be a bit safer to lock it down based on IP or hostname rather than a simple flag.

Or better still - only allow the script to be run on localhost.

Or better...don't have the script on your public facing server at all!

over 1 year ago ·

gxela

Very good points and nice elaboration, thanks

over 1 year ago ·

Have a fresh tip? Share with Coderwall community!

Best #Php Authors

463.4K

339.6K

267.7K

hnordt

241.3K

237.6K

Related Tags

Awesome Job

Post a job for only $299

#native_title# #native_desc#

#native_cta#

phpinfo() the right way!

Written by Alex Goretoy

Related protips

HTML5 Mobile Device Camera Access

Pretty print array php

Laravel's .htaccess to remove "public" from URL

2 Responses Add your response

Have a fresh tip? Share with Coderwall community!

2 Responses

Add your response