[FX.php List] Why doesn't this parse?

Erik Andreas Cayré erik at cayre.dk
Tue May 20 15:18:48 MDT 2008


Den 20/05/2008 kl. 20.15 skrev Chris Hansen:

> (2) what you want to do does have security implications if not  
> managed properly...

I completely agree.
You may run into trouble when someone gets curious and starts  
experimenting with different variable names, just to see what happens...

I would suggest using some homegrown mailmerge tags which you define,  
AND check in the POST'ed data, and do some simple substitution,  
keeping the variable names in your PHP code completely private...

For example (conceptual, has not been tested...):

$mergetags = array (
'##name##' => '$name';
'##address##' => '$address';
etc.

.
.
.


med venlig hilsen
---
Erik Andreas Cayré
Spangsbjerg Møllevej 169
6705 Esbjerg Ø

Privat Tel: 75150512
Mobil: 40161183

---
»Ved indlæring er interessen så meget mere effektiv end frygt, som en  
atomeksplosion er stærkere end en knallert.«

--Stanley Kubrick

»Kun p....sure mennesker kan ændre verden. Innovation skabes ikke af  
'markedsanalyse', men af folk, der er afsindigt irriterede over  
tingenes tilstand «
--Tom Peters

»Hvis du ikke kan forklare det simpelt, forstår  du det ikke godt nok.«
-- Albert Einstein

»Hvis du ikke har tid til at gøre det rigtigt, hvornår vil du så have  
tid til at lave det om?«
-- John Wooden, basketball coach



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1924 bytes
Desc: not available
Url : http://www.iviking.org/pipermail/fx.php_list/attachments/20080520/784b4309/smime.bin


More information about the FX.php_List mailing list