Hi,

Saturday, October 11, 2003, 3:33:05 AM, you wrote:
CZ> On Fri, 10 Oct 2003 13:09:16 -0400, Scott Fletcher <[EMAIL PROTECTED]> wrote:

>> Hi Fellas!
>>
>> Did anyone have success with making the required function work if using
>> this sample code.  It didn't work for me.
>>
>> --snip--
>> require("$_REQUEST['PDF_LIB_PATH']");
>> --snip--

CZ> When you access an array inside of a string you half to tell php that it
CZ> is a variable by enclosing it with curly brackets:

CZ>   require("{$_REQUEST['PDF_LIB_PATH']}");


CZ> Now the question is, what happens if I access your site like so:

CZ>   http://yoursite.com/yourfile.php?PDF_LIB_PATH=%2fetc%2fpasswd


CZ> Always verify your data that is passed in by the user, you might
CZ> want to read:

CZ>   http://php.net/manual/en/security.filesystem.php

CZ> HTH,

CZ> Curt
CZ> --


Or drop the quotes they are not needed if there are only variables involved

-- 
regards,
Tom

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to