> -----Original Message----- > From: Fejes Jozsef [mailto:[EMAIL PROTECTED] > Sent: 10 July 2003 12:33 > > My method is: > 1. check if id starts with / > if(ereg("^\/", $id)) > goaway;
That's a rather expensive (and slightly obscure) way of performing that check. Try: if ($id{0}=='/') goaway; > 2. check if there is .. in it > if(ereg("\.\.", $id)) > goaway; Likewise: if (strpos($id, '..')!==FALSE) goaway; Cheers! Mike --------------------------------------------------------------------- Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning & Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php