The only way to execute code stored in a varaible (string) is to send it to
the eval() function. Assuming you're not doing this then you're perfectly
safe. Learn more about the eval function..
http://www.php.net/manual/en/function.eval.php
-Kevin
- Original Message -
From: "Nightshade" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, June 11, 2002 6:39 AM
Subject: [PHP] Question about tag
> Hi there, I'm working with PHP since 3 weeks, so I'm newbie and maybe I
> could say some bull :-)
> That's my question:
> Let's suppose that I make a ...mmm...forum. Now, in a Textbox i write my
> comment and I add also this
> //some instruction to erase my site's root directory
> ?>
> So I post all I wrote to db.
> Ok, when I gonna read this record from database with the other comments,
> is here the possibility that piece of code, is executed, making some
> "disaster" into my directory?
> I hope you understand my question,and sorry x my english... :)
> tia, jonny
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
