[FX.php List] Why doesn't this parse?
Erik Andreas Cayré
erik at cayre.dk
Tue May 20 15:18:48 MDT 2008
Den 20/05/2008 kl. 20.15 skrev Chris Hansen:
> (2) what you want to do does have security implications if not
> managed properly...
I completely agree.
You may run into trouble when someone gets curious and starts
experimenting with different variable names, just to see what happens...
I would suggest using some homegrown mailmerge tags which you define,
AND check in the POST'ed data, and do some simple substitution,
keeping the variable names in your PHP code completely private...
For example (conceptual, has not been tested...):
$mergetags = array (
'##name##' => '$name';
'##address##' => '$address';
etc.
.
.
.
med venlig hilsen
---
Erik Andreas Cayré
Spangsbjerg Møllevej 169
6705 Esbjerg Ø
Privat Tel: 75150512
Mobil: 40161183
---
»Ved indlæring er interessen så meget mere effektiv end frygt, som en
atomeksplosion er stærkere end en knallert.«
--Stanley Kubrick
»Kun p....sure mennesker kan ændre verden. Innovation skabes ikke af
'markedsanalyse', men af folk, der er afsindigt irriterede over
tingenes tilstand «
--Tom Peters
»Hvis du ikke kan forklare det simpelt, forstår du det ikke godt nok.«
-- Albert Einstein
»Hvis du ikke har tid til at gøre det rigtigt, hvornår vil du så have
tid til at lave det om?«
-- John Wooden, basketball coach
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1924 bytes
Desc: not available
Url : http://www.iviking.org/pipermail/fx.php_list/attachments/20080520/784b4309/smime.bin
More information about the FX.php_List
mailing list