> OK, I checked into this further, and I must apologize: you are correct.
> I suspect that most of us didn't remember that this feature even
> existed...

You don't have to apologize. And indeed... I don't get the idea that many people know about this. Besides you and maybe one or two others I haven't heard from anyone else who knows this. And, well... before last week I didn't know it either ;)

> Anyway, I have now documented this, along with several of its existing
> restrictions. It should show up in the online manual within the next few
> days.

Thx! And I've fixed my scripts. So everyone happy I guess.

> FWIW, this feature currently (in all versions up to 4.1.1) suffers from
> the following problems:
>
>   o File reading is not subject to open_basedir.
>   o File reading is not subject to safe_mode.
>   o The last character of the filename parameter is replaced with \0
>     after the call to odbc_execute().
>   o This kinda makes it impossible to use a string which begins and
>     ends with single quotes as a parameter replacement.
>
> These are also in the documentation which I added to odbc_execute().
>
> I've submitted patches for the first three problems to the dev team; I
> guess we'll see whether someone gets around to committing them in time
> for 4.2.0. I personally would like to see a cleaner way to do this
> though.

Seems like a good idea... your patches, I mean. I hadn't looked into it that much, so I didn't know 'bout those prob's. Except of course that I could indeed simply access any directory on the server (as long as it's readable for the webserver of course).

--

* R&zE:

-- »»»»»»»»»»»»»»»»»»»»»»»»
-- Renze Munnik
-- DataLink BV
--
-- E: [EMAIL PROTECTED]
-- W: +31 23 5326162
-- F: +31 23 5322144
-- M: +31 6 21811143
--
-- Stationsplein 82
-- 2011 LM HAARLEM
-- Netherlands
--
-- http://www.datalink.nl
-- ««««««««««««««««««««««««
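
Added example, not part of the original thread and not PHP project code: a guard that refuses any bound value beginning and ending with a single quote before it reaches odbc_execute(), since the thread describes such values as being read as filenames outside open_basedir and safe_mode. The helper name assert_no_file_params and the sample values are hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not a PHP built-in): refuse bound values that
 * odbc_execute() would interpret as a filename, i.e. strings that begin
 * and end with a single quote. The length test (>= 2) is deliberately
 * conservative.
 */
function assert_no_file_params(array $params): array
{
    foreach ($params as $i => $value) {
        if (!is_string($value)) {
            continue; // non-strings cannot carry the quote markers
        }
        $len = strlen($value);
        if ($len >= 2 && $value[0] === "'" && $value[$len - 1] === "'") {
            throw new InvalidArgumentException(
                "parameter $i begins and ends with a single quote"
            );
        }
    }
    return $params;
}

// Constructed sample inputs, as they might arrive from a web form.
$samples = [
    ['alice', 42],               // ordinary values: accepted
    ["O'Brien"],                 // quote inside the value: accepted
    ["'/path/to/some/file'"],    // quoted path (placeholder): rejected
];

foreach ($samples as $params) {
    try {
        assert_no_file_params($params);
        echo "ok:       ", json_encode($params), "\n";
        // With a real connection: odbc_execute($stmt, $params);
    } catch (InvalidArgumentException $e) {
        echo "rejected: ", $e->getMessage(), "\n";
    }
}
```

Rejecting is used here instead of rewriting the value, so the stored data is never silently altered.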