The PHP code is processed on the web server and removed. Only the HTML and images are sent back to the clients browser.
> I'm just starting to get PHP, and I'm wondering about the security of the > code I write. It _seems_ that when I try to download the PHP file directly > (like using Save Target As...) it will download only as an HTML file and > my > PHP code is gone. I've tried this on a few other people's sites, and this > seems to be the common behavior. Is there a way someone can extract my php > file without this transformation? What are some good security issues I > should know? > > One of the things I'm starting with is a simple blog/guestbook. I have a > couple form fields and I strip_tags ... what else should I be doing? I > want > to leave the guestbook pretty open, so I don't want a sign-in and > confirmation thingie. I don't even mind anonymity, cuz I can edit the > comments later if I want. > > Thanks for your time. > > Gabino -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php