I get an error stating that this line in my code is a security risk when I code it.

require_once($PLUGINS_DIRECTORY."forum/forum.php");

here is what the explanation is:

include() or analogous is used with variable argument this can be dangerous since variables are in many cases controlled by remote users.

the recommended  soloution is to write it this way

define('SCRIPT_PATH',"/htdocs");
include ('sSCRIPT_PATH."/Foo.inc");

my question is why is the other way safer? im kinda confused..




--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to