On Wednesday 01 August 2001 13:51, Meir Kriheli wrote:
> I'm writing a form class which can also validate the form and I want to
> define the rules for validating the forms, so when defining the form I can
> add...
Sorry - I should have read your earlier post :)
I suspect that you are probably safe in this instance, however I always play
safe on this kind of thing and sacrifice functionality for security. I'm sure
you can devise rules which will be be obviously unsafe, but you may also be
able to devise rules which look safe on the surface, but may be exploitable
after careful study. If it was my project, I think I would devise a system
which avoided the use of eval - even if it meant losing some performance and
versatility.
Cheers
--
Phil Driscoll
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
