Hi, James. James Benson wrote:
Even if you can embed PHP in a GIF it would still need to be executed by PHP as PHP code, would PHP actually execute that file when it looks like an image, I would think PHP would output an error?
Unless you include/require or eval() its content, PHP won't execute it.
More importantly though, you should be checking the file extension of uploaded files to make sure it is only a .gif
I can make a javascript file with a .gif extension, actually. Take a look at exif_imagetype(). Regards. -- Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
