On Thu, 2007-08-09 at 16:32 -0600, Jacob Wright wrote:
> I would assume if you have a page of 50 functions and only one gets called,
> it is because you pass in the name of the action you want to happen in the
> url:
>
> actions.php?do=logout
>
> or something like that. So you just take that string and call your action.
> This of course would be a page that assumed a level of trust with the user
> or was alright with the user calling any of the 50 functions.
>
> $func = $_GET['do'];
>
> $func();

I agree, but your example scares the crap out of me. It directly executes
code received from an untrusted outsider.

--lonnie
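
An allowlisted form of the dispatch quoted above, as an added example that is not part of the original thread. The action names, handler functions and sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Added example: handler names and 'do' values are hypothetical.

function action_logout(): string  { return 'logged out'; }
function action_profile(): string { return 'profile page'; }

// Explicit map from public action name to handler.
// Only the entries listed here can ever be reached from the URL.
const ACTIONS = [
    'logout'  => 'action_logout',
    'profile' => 'action_profile',
];

/**
 * Resolve the request parameter to a handler, or null if it is not allowlisted.
 */
function resolve_action($requested): ?callable
{
    // ?do[]=x arrives as an array and a missing parameter as null;
    // anything that is not a string is rejected outright.
    if (!is_string($requested)) {
        return null;
    }
    // Exact key lookup. function_exists() would not be a safe substitute:
    // built-ins such as phpinfo() exist too, so the map is the only gate.
    return ACTIONS[$requested] ?? null;
}

// Constructed sample inputs standing in for $_GET['do'].
$samples = ['logout', 'profile', 'phpinfo', 'Logout', ['logout'], null];

foreach ($samples as $do) {
    $label   = is_string($do) ? $do : gettype($do);
    $handler = resolve_action($do);

    if ($handler === null) {
        // In a real page: send a 400 response and log the rejected value.
        echo "$label => rejected\n";
        continue;
    }
    echo "$label => " . $handler() . "\n";
}
```

With the map in place, the request string is only ever used as an array key and never as the name of the function to call.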
