Jean Lee wrote:
Could you explain what my fault was concerning this case?
<?php

$handle = fopen("./menu.php", "r");
$contents = "";

if ($handle) {
    while (!feof($handle)) {
        $buffer = fgets($handle);

        $contents = $contents . $buffer;
    }
    fclose($handle);
}

echo "<textarea cols=80 rows=30>" . $contents . "</textarea>";
?>

As Andrew pointed out, you need to use htmlspecialchars():
echo "<textarea cols=80 rows=30>" . htmlspecialchars($contents) . "</textarea>";

The reason for that is that the text may contain HTML control characters like <>&'" which the browser will attempt to interpret.

http://php.net/htmlspecialchars

I usually use htmlentities() instead:
http://de.php.net/manual/en/function.htmlentities.php

--
John
Those willing to give up a little liberty for a little security
deserve neither security nor liberty.
[Benjamin Franklin]

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
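
Added example, not part of the original thread: the htmlspecialchars() fix from the reply, applied to a constructed stand-in for menu.php whose text contains its own closing textarea tag. The helper name render_textarea(), the sample text and the UTF-8 charset are assumptions made for illustration.

```php
<?php
// Constructed sample standing in for the contents of menu.php (assumption).
$contents = <<<'EOT'
<?php include 'header.php'; ?>
<ul class="menu">
  <li><a href="/?a=1&b=2">Home</a></li>
</ul>
</textarea><b>this text lands outside the editing box</b>
EOT;

/**
 * Hypothetical helper: wrap text in a textarea so the browser shows it
 * verbatim instead of parsing it as markup.
 */
function render_textarea(string $text, int $cols = 80, int $rows = 30): string
{
    // ENT_QUOTES escapes both ' and "; ENT_SUBSTITUTE replaces invalid byte
    // sequences instead of returning an empty string; the charset given
    // here must match the charset the page is served in.
    $safe = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return sprintf('<textarea cols="%d" rows="%d">%s</textarea>', $cols, $rows, $safe);
}

// The form from the original question: file text concatenated as-is.
$unescaped = '<textarea cols="80" rows="30">' . $contents . '</textarea>';
// The form from the reply: file text escaped before output.
$escaped = render_textarea($contents);

// Count literal closing tags. In the unescaped output the sample's own
// closing tag ends the element early, so everything after it is parsed
// as page markup; in the escaped output only the tag we wrote remains.
printf("closing tags, unescaped: %d\n", substr_count($unescaped, '</textarea>'));
printf("closing tags, escaped:   %d\n", substr_count($escaped, '</textarea>'));

// The browser decodes entities inside a textarea, so the user sees and
// submits the original text. Decoding the escaped body here checks that
// the round trip loses nothing.
preg_match('~<textarea[^>]*>(.*)</textarea>~s', $escaped, $m);
var_dump(htmlspecialchars_decode($m[1], ENT_QUOTES) === $contents);
```

If the form posts the text back, the server receives the decoded characters, so the value must be escaped again each time it is written into HTML.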
