I mean that it is open for hacking if you pass a variable name through a URL.
Thank you, Micah Gersten onShore Networks Internal Developer http://www.onshore.com daniel danon wrote: > What do you mean? > > On Sun, Oct 12, 2008 at 5:40 PM, Micah Gersten <[EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]>> wrote: > > That's fine as a test, but you never want to get a variable name > from a > URL in practice. > > Thank you, > Micah Gersten > onShore Networks > Internal Developer > http://www.onshore.com > > > > Richard Heyes wrote: > >> $varname = "\$_SERVER['REMOTE_ADDR']"; > >> $varvalue = $$varname; > >> > > > > That's wrong. Offhand you'll end up printing a string. I tried this: > > > > <?php > > $a = 365; > > $b = 366; > > > > $var = $_GET['var']; > > > > echo $$var; > > ?> > > > > And it was fine. > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
