The only way to execute code stored in a variable (string) is to send it to
the eval() function. Assuming you're not doing this then you're perfectly
safe. Learn more about the eval function:
http://www.php.net/manual/en/function.eval.php

-Kevin

----- Original Message -----
From: "Nightshade" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, June 11, 2002 6:39 AM
Subject: [PHP] Question about tag <??>


> Hi there, I've been working with PHP for 3 weeks, so I'm a newbie and maybe I
> could say some bull XXXX :-)
> That's my question:
> Let's suppose that I make a ...mmm...forum. Now, in a textbox I write my
> comment and I also add this
> <?
> //some instruction to erase my site's root directory
> ?>
> So I post all I wrote to the db.
> OK, when I'm going to read this record from the database with the other comments,
> is there the possibility that that piece of code is executed, making some
> "disaster" in my directory?
> I hope you understand my question, and sorry for my English... :)
> tia, jonny
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
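
The scenario from this thread as an added example (not code from either poster): a stored comment containing PHP tags is echoed back as plain data, escaped for display, and only runs when passed to eval(). The sample comment, the harmless sentinel payload and the `render_comment()` helper are constructed for illustration.

```php
<?php
// Constructed sample: a forum comment as it would come back from the database.
// The embedded PHP is a harmless sentinel standing in for the poster's payload.
$stored_comment = 'Nice site! <?php $GLOBALS["ran"] = true; ?>';
$GLOBALS['ran'] = false;

// Hypothetical helper: render a stored comment as inert text.
function render_comment(string $comment): string
{
    // htmlspecialchars() turns < > & and quotes into entities, so the browser
    // displays the tags literally instead of treating them as markup.
    $safe = htmlspecialchars($comment, ENT_QUOTES, 'UTF-8');
    return '<p class="comment">' . $safe . "</p>\n";
}

// 1. echo copies the string's bytes to the output; PHP does not re-parse them.
ob_start();
echo $stored_comment;
$raw = ob_get_clean();
if ($raw !== $stored_comment || $GLOBALS['ran'] !== false) {
    throw new RuntimeException('stored comment was interpreted during echo');
}
echo "echo: comment passed through as data, sentinel did not run\n";

// 2. Escaped rendering: what the forum page should send to the browser.
echo render_comment($stored_comment);

// 3. The pattern to avoid: eval() parses the string as PHP source.
//    The leading "?>" switches eval() into template mode, so the embedded
//    tags are honoured exactly as they would be in a .php file.
ob_start();
eval('?>' . $stored_comment);
ob_end_clean();
if ($GLOBALS['ran'] !== true) {
    throw new RuntimeException('expected eval() to execute the embedded code');
}
echo "eval: embedded code executed, never pass user input here\n";
```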
