Hi, Saturday, October 11, 2003, 3:33:05 AM, you wrote: CZ> On Fri, 10 Oct 2003 13:09:16 -0400, Scott Fletcher <[EMAIL PROTECTED]> wrote:
>> Hi Fellas! >> >> Did anyone have success with making the required function work if using >> this sample code. It didn't work for me. >> >> --snip-- >> require("$_REQUEST['PDF_LIB_PATH']"); >> --snip-- CZ> When you access an array inside of a string you half to tell php that it CZ> is a variable by enclosing it with curly brackets: CZ> require("{$_REQUEST['PDF_LIB_PATH']}"); CZ> Now the question is, what happens if I access your site like so: CZ> http://yoursite.com/yourfile.php?PDF_LIB_PATH=%2fetc%2fpasswd CZ> Always verify your data that is passed in by the user, you might CZ> want to read: CZ> http://php.net/manual/en/security.filesystem.php CZ> HTH, CZ> Curt CZ> -- Or drop the quotes they are not needed if there are only variables involved -- regards, Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php