[PHP] question about security
Is PHP capable of recognizing things such as, in a text box, someone were to put <?php insert php code here; ?> and display, say, variables? Do I have to htmlspecialchars every entry? Does this make any sense? Thanks in advance.
RE: [PHP] question about security
Alan Fullmer mailto:[EMAIL PROTECTED] on Friday, November 21, 2003 5:00 PM said:

> do i have to htmlspecialchars every entry?

Yes, you have to protect yourself from your users' data each and every time you receive user data, ever, always.

> does this make any sense?

I think so.

Chris.

--
Don't like reformatting your Outlook replies? Now there's relief!
http://home.in.tum.de/~jain/software/outlook-quotefix/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] question about security
Alan Fullmer wrote:

> Is php capable of recognizing things such as in a text box, someone were to put <?php insert php code here; ?> and display say, variables?

No, not normally. If you just display the code, it'll show as plain PHP code and not be run. However, if it makes its way into an include file or eval() call, then it could be evaluated.

> do i have to htmlspecialchars every entry?

Depends on your program. For most text, yes.

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals www.phparch.com
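The distinction drawn in the reply above, as an added example that is not part of the original thread: the same submitted string is echoed raw, escaped with htmlspecialchars(), and passed to eval(). The values of `$secret` and `$input` and the helper name `h()` are constructed for illustration.

```php
<?php
// Added example; $secret and $input are constructed sample values.
$secret = 'placeholder-secret';
$input  = '<?php echo $secret; ?> <b>bold</b> "quoted" & more';

// Escape for an HTML body or quoted-attribute context at output time.
// h() is a hypothetical helper name, not a PHP built-in.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// 1. Echoing the string: PHP does not re-parse data, so the PHP tag is
//    sent to the browser as text and $secret is never read. The browser,
//    however, still treats <b> (or a script element) as live markup.
$raw = $input;

// 2. Escaped: <, >, &, and both quote characters become entities, so the
//    browser displays exactly what the user typed.
$safe = h($input);

// 3. The dangerous sink named in the reply: eval() (or writing the string
//    into a file that is later include()d) makes PHP parse the data as
//    code, and the embedded echo then reads $secret.
ob_start();
eval('?>' . $input);          // never do this with user data
$evaluated = ob_get_clean();

echo "raw:       $raw\n";
echo "escaped:   $safe\n";
echo "evaluated: $evaluated\n";
```

Only the third line of output contains the value of `$secret`; escaping in step 2 protects the browser, while keeping user data out of eval() and include paths protects the server.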
Re: [PHP] Question about security: writing images to a directory (chmod 777)
Using the ftp functions is an alternative
http://www.php.net/manual/en/ref.ftp.php

Data Driven Design
1506 Tuscaloosa Ave
Holly Hill, Florida 32117
http://www.datadrivendesign.com
Phone: (386) 226-8979
Websites That WORK For You

- Original Message -
From: SED [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, August 09, 2001 9:07 PM
Subject: [PHP] Question about security: writing images to a directory (chmod 777)

For a job I'm working on I need to let PHP-code write images to a directory. To be able to do that I need to make this directory read- and writeable. Concerned about the security, is this directory open for anyone to write into it? (Let's say PHP-code from another server?) If so, how can I solve this without this security-risk?

Thanks,
SED

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]