OZONE Asylum
Forums
Server-Side Scripting - Oh my!
PHP injection security?
This page's ID:
28059
Search
QuickChanges
Forums
FAQ
Archives
Register
Edit Post
Who can edit a post?
The poster and administrators may edit a post. The poster can only edit it for a short while after the initial post.
Your User Name:
Your Password:
Login Options:
Remember Me On This Computer
Your Text:
Insert Slimies »
Insert UBB Code »
Close
Last Tag
|
All Tags
UBB Help
That would only be an issue if you were using eval(), but, you're always open to cross site scripting if you don't php->htmlentity() everything you output (preferably: When you output it). Eval() is very very rarely used. In all truth, the only time I've found it usefully and sensible was in factory methods, since PHP apperantly doesn't like [code]$obj = new $var ( ... );[/code] so you had to do it like [code]$obj = eval('return new '. get_class($this). '();');[/code] so long, ->Tyberius Prime
Loading...
Options:
Enable Slimies
Enable Linkwords
« Backwards
—
Onwards »
Maximum Security
OZONE
DHTML/Javascript
Server-Side Scripting - Oh my!
CSS - DOM - XHTML - XML - XSL - XSLT
Stupid Basic HTML
Visual Therapy
Photoshop
Photoshop Pong, Anyone?
***WARNING*** BIG SIG APPROACHING
Photography
3D Modelling & Rendering
Multimedia/Animation
Print Graphics
Holding Pens
Philosophy and other Silliness
Outpatient Counseling
Site reviews!
Mad Scientists' Laboratory
Getting to know the Grail