First sorry for my poor english
Code: Select all
$file = $_GET['file'];
$file = preg_replace("/\.\./", '', $file);Code: Select all
/test.php?file={${phpinfo()}}but when i change the source code to
Code: Select all
//$file = $_GET['file'];
$file = "{${phpinfo()}}";
$file = preg_replace("/\.\./", '', $file);so , if i work with first code any danger from hackers ?