How ever can someone inject their code/script onto my webpage? The code is on my server so they don't have access to it. Am I missing something here?
If you allow the user to submit anything that is then displayed our your site, they can inject javascript code unless you do a very good job "sanitizing" the user input.
_______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
