> Hello. I just finished creating a simple input form in > which the contents of a textarea get written to a file > which in turn gets read by a particular page.
This is a Really Bad Idea(tm). > it seems pretty dangerous to allow a user to enter any > amount of php programming at their will. ... and that's why. > something as simple as a function that strips all <'s > and >'s would work just as well i would imagine. You could just read the file from another script with file() and output it rather than include()'ing it. That way the code is never executed. J -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
