> On Fri, 19 Apr 2002, Jeff Oien wrote:
> >> Use eval().
> >
> > I have $url (literally) embedded in some text in the database that is to be
> > sent as an email message. I'm using this and $url disappears with a blank
> > spot in the text:
> > eval("\$body = \"$body\";");
> > I've tried variations and can't get it to work. Any help? Thanks.
>
> While you could do something like:
>
> $body = eval("return \"{$body}\";");
>
> ...the huge, monstrous, gigantic problem is that if you allow anyone to
> edit any part of $body or any string that goes into it, you are basically
> handing them control of your server, because they can get eval() to
> execute any code they want.
>
> Far better would be to put a placeholder in $body like @@@ and then just
> do $body = ereg_replace('@@@', $url, $body);
>
> miguel
That's giving me a blank also. The form for changing the email is in a
password protected area where only two people are allowed. But I'll
implement the more secure version when I can get it to work. Thanks
for the help.
Jeff Oien
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
