>> Imagine you have a page where, if a password passed from another page is
>> correct, you want to show some data on the Web page, but if the password
>> incorrect you want to show a warning and under no circumstances let them
>> the data. If you used mixed, they could simply read the source of the
>> to see that data... but with pure, the only source on the page is what
>> actually prints out, so they won't see anything they shouldn't.
>No becose I'll not check the password when I'm going to display the data..
>I'll check it right after the post, and if it's invalid, I redirect the
>to another page, or prints a block and exits the script..

Ignore my previous comment, I was incorrect - they won't see the sensitive
data with PHP. PHP parsing (I discover) ensures that the HTML mixed between
PHP blocks gets treated as if it had been echoed or printed by PHP, and thus
does not appear if the 'if' test fails. Sorry to have misled you (I learned
something today!).

_ _
o o    Jason Teagle

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to