Thanks... "Curt Zirzow" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > On Fri, 10 Oct 2003 13:09:16 -0400, Scott Fletcher <[EMAIL PROTECTED]> wrote: > > > Hi Fellas! > > > > Did anyone have success with making the required function work if using > > this sample code. It didn't work for me. > > > > --snip-- > > require("$_REQUEST['PDF_LIB_PATH']"); > > --snip-- > > When you access an array inside of a string you half to tell php that it > is a variable by enclosing it with curly brackets: > > require("{$_REQUEST['PDF_LIB_PATH']}"); > > > Now the question is, what happens if I access your site like so: > > http://yoursite.com/yourfile.php?PDF_LIB_PATH=%2fetc%2fpasswd > > > Always verify your data that is passed in by the user, you might > want to read: > > http://php.net/manual/en/security.filesystem.php > > HTH, > > Curt > --
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
