Thanks... "Tom Rogers" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi, > > Saturday, October 11, 2003, 3:33:05 AM, you wrote: > CZ> On Fri, 10 Oct 2003 13:09:16 -0400, Scott Fletcher <[EMAIL PROTECTED]> wrote: > > >> Hi Fellas! > >> > >> Did anyone have success with making the required function work if using > >> this sample code. It didn't work for me. > >> > >> --snip-- > >> require("$_REQUEST['PDF_LIB_PATH']"); > >> --snip-- > > CZ> When you access an array inside of a string you half to tell php that it > CZ> is a variable by enclosing it with curly brackets: > > CZ> require("{$_REQUEST['PDF_LIB_PATH']}"); > > > CZ> Now the question is, what happens if I access your site like so: > > CZ> http://yoursite.com/yourfile.php?PDF_LIB_PATH=%2fetc%2fpasswd > > > CZ> Always verify your data that is passed in by the user, you might > CZ> want to read: > > CZ> http://php.net/manual/en/security.filesystem.php > > CZ> HTH, > > CZ> Curt > CZ> -- > > > Or drop the quotes they are not needed if there are only variables involved > > -- > regards, > Tom
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
