On Tuesday, January 30, 2001 at 3:04 PM, Alexandar Skwar wrote:
> So sprach Daniel Grace am Thu, Jan 25, 2001 at 07:18:52PM -0800:
> > readfile($filename);
>
> Why not include?
>
Because include will execute any PHP code in the included file and readfile
will not, it just dumps the entire file to the webbrowser.
If you want to display the contents of an HTML document and that HTML
document should not have any PHP code in it, it's best to play it safe and
use readfile(). This is especially true if the HTML document can be visitor
modified (say, a guestbook), as not doing so could potentially let anybody
execute any PHP code they want on your webserver.
- Daniel Grace <http://dewin.oldbattery.com/>
"Space may be the final frontier but its made in a Hollywood basement."
- Red Hot Chili Peppers - Californication
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
