0

I really need help of you. What i want is it that i want to load output of a PHP Script into another PHP script variable. And then echo it.

 print "<ul>";
    for($i=0;$i<mysqli_num_rows($govtJobsRslt);$i++){
    $job = mysqli_fetch_array($govtJobsRslt);
    $jobId = $job[0];
    $jobTitle = $job[1];
    $jobEmployer = $job[2];
    $jobVacancies = $job[3];
    $jobPage = $job[4];       
    $query2 = "SELECT employer_shortname, employer_city FROM employer WHERE employer_id               = $jobEmployer";
   $empDtlRslt = mysqli_query($link, $query2);
   if($empDtlRslt){                        
           $empDtls = mysqli_fetch_array($empDtlRslt);
           $empShortName = $empDtls[0];
           $empCity = $empDtls[1];                 
            **$new1 = file_get_contents("http://url/summaryProvider2.phpjobId=".$jobId);**
           print "<li id=\"lst$jobId\" class=\"qs\"><a href=\"/govtjobs/$jobPage\">".$empShortName." ".$empCity."-".$jobTitle."-".$jobVacancies." Posts</a> </li><div id=\"sum$jobId\" class=\"jobSummary\">".$new1."</div>";

I want to replace file_get_contents() method because this is not working on web server becasue it is disabled for security reasons.

Please tell me the other way that how can i do that??? Is it possible somehow using include() method???

Guys please help soon...

Improve this question
4
  • 1
    You have a SQL injection vulnerability.+ Commented May 25, 2014 at 13:20
  • 1
    But its a SELECT only statement than how is it vulnerable because no input is possible it is for presentation only Commented May 25, 2014 at 13:23
  • What is disabled? Is the function file_get_contents() disabled? (unlikely, nasty if so), is allow_url_fopen disabled (more likely)? If that is the case, is the curl extension available? If curl is available, use that. Commented May 25, 2014 at 13:23
  • I removed allow_url_fopen from disable list but the behavior did not change Commented May 25, 2014 at 13:25

1 Answer 1

Reset to default
1

you can use fopen just open it as a regular text file but that is not better than file_get_contents. You can also have your web server treat this file as a non php file, and then it will just spill the contents to whoever requests it so then you can use curl to the local machine to get it.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.