I get an error stating that this line in my code is a security risk when I code it.


here is what the explanation is:

include() or analogous is used with variable argument this can be dangerous since variables are in many cases controlled by remote users.

the recommended  soloution is to write it this way

include ('sSCRIPT_PATH."/Foo.inc");

my question is why is the other way safer? im kinda confused..

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to