Richard Lynch wrote:
The problem with making it dynamic, is that you've just made it
AWFULLY easy for some Bad Guy to inject their own PHP file into your
system...
Think about that for awhile.
I have thought about it, and I can only see it as possible if the person
already has the ability to write PHP scripts into my directory. If they
can do that, then the damage is already done and they don't need to
bother with slipping the name of their file into my include() functions.
They could just write a script and then execute it from the browser
directly.
If there is some other way for them to exploit a dynamic include()
function, then please let me know.
--
Dave M G
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
