I need to execute some php file from another php file, as far as I know, I have two options, include() and virtual(). However, I need to pass variables along to the include that I am doing, for this reason, I should have a http link in my include(), which forces me to enable allow_url_include, which I am trying to avoid.
this is working fine, but given that I can’t use $_GET with virtual(), I used $_SERVER[‘QUERY_STRING’], but this is doing the same as $_GET, which means getting the query string of the file from where I executed the code.
My questions are:
Are there serious risks if I enable allow_url_include, however only inlclude from my own site, not any 3rd party, nor pass what to include as a param from any file?
How can I read the query string if I use virtual()?