Is php capable of recognizing things such as in a text box, someone were to put ?php
insert php code here; ? and display say, variables?
do i have to htmlspecialchars every entry?
does this make any sense?
thanks in advance.
Alan Fullmer mailto:[EMAIL PROTECTED]
on Friday, November 21, 2003 5:00 PM said:
do i have to htmlspecialchars every entry?
Yes you have to protect yourself from your users data each and every
time you receive user data, ever, always.
does this make any sense?
I think so.
Chris.
--
Alan Fullmer wrote:
Is php capable of recognizing things such as
in a text box, someone were to put ?php insert
php code here; ? and display say, variables?
No, not normally. If you just display the code, it'll show as plain PHP
code and not be run. However, if it makes its way into an include
]
To: [EMAIL PROTECTED]
Sent: Thursday, August 09, 2001 9:07 PM
Subject: [PHP] Question about security: writing images to a directory (chmod
777)
For a job I'm working on I need to let PHP-code write images to a
directory. To be able to do that I need to make this directory read- and
writeable
4 matches
Mail list logo