> if allow_url_include is turned off, you don't have to worry much about http,
> if '.' is an invalid char, you can't include *.php...
> the include path probably should be the inc(whatever the name)
> folder(not accessible from web) instead of the web root and '..'
> should be disallowed

Hi Ryan!

Many thanks for your help, I really appreciate it. :)

How does this look:

<http://sandbox.hulse.me/secure_inc_str.txt>

How could my code be improved?

Thanks again for the help, I really appreciate it. :)

Cheers,
Micky

--
PHP General Mailing List (http://www.php.net/)
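The checks listed in the quoted advice, combined into one resolver, as an added example that is not part of the original message and is not the code at the linked URL. The function name `resolve_include`, the constant `INC_DIR` and its path are hypothetical, and the example assumes the include files sit in a directory outside the web root.

```php
<?php
// Added example: hypothetical helper, not code from the thread.
// Assumption: include files live outside the web root, and
// allow_url_include is Off in php.ini as the quoted advice suggests.
const INC_DIR = '/var/www/app/inc'; // constructed path

/**
 * Resolve a user-supplied page name to a file inside $baseDir.
 * Returns the absolute path, or null if any check fails.
 */
function resolve_include(string $name, string $baseDir = INC_DIR): ?string
{
    // Allow-list: letters, digits, underscore and hyphen only.
    // This rejects '.', '..', '/', '\', ':' (so no "http://" or
    // "php://" wrappers) and NUL bytes in a single test.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null; // include directory is missing
    }

    // The extension is appended by the code, never taken from input.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name . '.php');
    if ($path === false || !is_file($path)) {
        return null; // no such include file
    }

    // Containment check after symlinks are resolved: the final path
    // must still be inside the include directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed inputs: one plain name and four that must be rejected.
$samples = ['home', '../etc/passwd', 'http://example.com/x', 'a.php', "home\0"];
foreach ($samples as $candidate) {
    $file = resolve_include($candidate);
    echo json_encode($candidate), ' => ', $file ?? 'rejected', PHP_EOL;
}
```

The plain name `home` resolves only if `home.php` exists under the include directory; the other four samples fail the allow-list before the filesystem is touched.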