preg_replace with $_GET ..
Posted: Mon Jul 23, 2007 12:49 pm
Peace ,
First sorry for my poor english
, but i wish to understand me ..
this is a code i doing my test on it , and when the link like that
... everything is okay
but when i change the source code to
i can see my phpinfo for my own local host ..
so , if i work with first code any danger from hackers ?
First sorry for my poor english
Code: Select all
$file = $_GET['file'];
$file = preg_replace("/\.\./", '', $file);Code: Select all
/test.php?file={${phpinfo()}}but when i change the source code to
Code: Select all
//$file = $_GET['file'];
$file = "{${phpinfo()}}";
$file = preg_replace("/\.\./", '', $file);so , if i work with first code any danger from hackers ?