Jean Lee wrote:
Could you explain what was my fault concerned about this case?

$handle = fopen("./menu.php", "r");
$contents = "";

if ($handle) {
    while (!feof($handle)) {
        $buffer = fgets($handle);

        $contents = $contents . $buffer;

echo "<textarea cols=80 rows=30>" . $contents . "</textarea>";

As Andrew pointed out, you need to use htmlspecialchars()
echo "<textarea cols=80 rows=30>" .htmlspecialchars($contents). "</textarea>";

The reason for that is because the text may contain html control characters like <>&'" which the browser will attempt to interpret.

I usually use htmlentities() instead

Those willing to give up a little liberty for a little security
deserve neither security nor liberty.
[Benjamin Franklin]

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to