I suppose include() can be used to include files from remote systems(not on WINDOWS).
So, How can I protect my script from unauthorised inclusions ? A webmaster on the same server can always use a path like "/home/htdocs/.../config.php" and include my config .php which contains my database password !! Even a web master from a remote server can do the same by probably using http://www.xyz.net/config.php I am using windows 2000/apache/php so I really have not tried these...but the docs say it can be done(remote system inclusion except on win) Lord Loh. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php