> Hello. I just finished creating a simple input form in
> which the contents of a textarea get written to a file
> which in turn gets read by a particular page. 

This is a Really Bad Idea(tm).

> it seems pretty dangerous to allow a user to enter any 
> amount of php programming at their will.

... and that's why.

> something as simple as a function that strips all <'s
> and >'s would work just as well i would imagine.

You could just read the file from another script with 
file() and output it rather than include()'ing it. That 
way the code is never executed.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to