I need to do some stuff on an MLM system, so I will be using matrix calculation. I need a tutorial on it.

On 9/23/08, Micah Gersten <micah@xxxxxxxxxxx> wrote:
>
> Only if register_globals is on can that reset a variable. You are
> correct though, defining directory paths is safer.
>
> Thank you,
> Micah Gersten
> onShore Networks
> Internal Developer
> http://www.onshore.com
>
> Joseph Crawford wrote:
> > Read up on register_globals. It is a security risk because if I do
> > http://domain.com/file.php?plugins_directory=/directory/
> >
> > it can reset your variable.
> >
> > The best way to do that is to make PLUGINS_DIR a constant:
> >
> > define('PLUGINS_DIR', '/directory/');
> >
> > Joseph Crawford
> >
> > On Sep 23, 2008, at 12:58 PM, michael wrote:
> >
> >> I get an error stating that this line in my code is a security risk
> >> when I code it.
> >>
> >> require_once($PLUGINS_DIRECTORY."forum/forum.php");
> >>
> >> Here is what the explanation is:
> >>
> >> include() or analogous is used with variable argument this can be
> >> dangerous since variables are in many cases controlled by remote users.
> >>
> >> The recommended solution is to write it this way:
> >>
> >> define('SCRIPT_PATH', "/htdocs");
> >> include(SCRIPT_PATH."/Foo.inc");
> >>
> >> My question is: why is the other way safer? I'm kinda confused.
> >>
> >> --
> >> PHP Database Mailing List (http://www.php.net/)
> >> To unsubscribe, visit: http://www.php.net/unsub.php
>

--
I develop dynamic websites with PHP & MySql. Let me know about your site.
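
Added example, not part of the original thread: it contrasts the variable include base from michael's question with the constant suggested in the replies, then resolves the plugin file so it can only come from inside the plugin directory. The request array is constructed, extract() stands in for register_globals (removed in PHP 5.4), and plugin_path(), the allowed-plugin list and the plugins/ layout are assumptions.

```php
<?php
// Constructed request data standing in for $_GET; the parameter name
// matches the variable used in the require_once line from the thread.
$request = ['PLUGINS_DIRECTORY' => '/directory/'];

// Before: a plain variable holds the include base path.
$PLUGINS_DIRECTORY = __DIR__ . '/plugins/';

// register_globals copied request parameters into global variables;
// extract() with its default EXTR_OVERWRITE flag emulates that here.
extract($request);
echo "variable after request import: $PLUGINS_DIRECTORY\n"; // request value

// After: a constant is not a variable, so request input cannot replace it.
define('PLUGINS_DIR', __DIR__ . '/plugins/');
echo 'constant after request import: ' . PLUGINS_DIR . "\n";

// Hypothetical helper: return a path only if it lies under PLUGINS_DIR.
function plugin_path(string $plugin, string $file): string
{
    $allowed = ['forum']; // assumed list of installed plugins
    if (!in_array($plugin, $allowed, true)) {
        throw new InvalidArgumentException("unknown plugin: $plugin");
    }
    $base = realpath(PLUGINS_DIR);
    $path = realpath(PLUGINS_DIR . $plugin . '/' . $file);
    // realpath() returns false for missing files and collapses ../ segments,
    // so the prefix check rejects anything outside the plugin directory.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException("refusing to include: $plugin/$file");
    }
    return $path;
}

try {
    require_once plugin_path('forum', 'forum.php');
} catch (RuntimeException $e) {
    // Reached when plugins/forum/forum.php does not exist beside this script.
    echo $e->getMessage(), "\n";
}
```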