neoform Posted March 7, 2007

Other than: < ? > ' " $ what else should I escape from a string if I'm to write it into a PHP file?

I'm writing the following line to my vars.php file:

    $file_contents .= "define('".$var_name."', base64_decode('".base64_encode($value)."'));\n";

I wanna get away from using base64 since it's completely unreadable, but I don't want to create an exploit either.. ($var_name is already clean, only [A-Za-z\_] accepted).

btherl Posted March 7, 2007

Enclose your string in single quotes, then you only need to escape single quotes and backslashes. Nothing else.

You might want to consider heredoc syntax as well, which doesn't require escaping.

http://www.php.net/manual/en/language.types.string.php#language.types.string.syntax.single

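The single-quote approach from the answer above, as an added example that is not part of the original thread: it escapes only backslashes and single quotes, writes the define() lines to a temporary file, includes it, and checks that each constructed hostile value comes back unchanged and matches the literal PHP's built-in var_export() produces. The helper names php_single_quoted and define_line, the CFG_ prefix and the sample values are assumptions made for the illustration.

```php
<?php
// Added example, not code from the thread. Helper names are hypothetical.

// Escape a value for a single-quoted PHP string literal: only backslash
// and single quote are special there, so only those two are escaped.
function php_single_quoted(string $value): string
{
    return "'" . strtr($value, ["\\" => "\\\\", "'" => "\\'"]) . "'";
}

// Build one define() line; the constant name is re-checked against the
// whitelist the original poster describes ([A-Za-z_]).
function define_line(string $name, string $value): string
{
    if (!preg_match('/\A[A-Za-z_]+\z/', $name)) {
        throw new InvalidArgumentException('bad constant name');
    }
    return "define('" . $name . "', " . php_single_quoted($value) . ");\n";
}

// Constructed hostile inputs: quote break-out, trailing backslash,
// closing tag with variable syntax, newline next to an escaped quote.
$samples = [
    'A' => "'); echo 'injected'; //",
    'B' => 'C:\\path\\',
    'C' => '?> <?php $x = "${y}"; ',
    'D' => "line1\nline2 \\' end",
];

$src = "<?php\n";
foreach ($samples as $name => $value) {
    $src .= define_line('CFG_' . $name, $value);
}

// Write the generated file, load it, then compare every constant with
// the value that went in.
$file = tempnam(sys_get_temp_dir(), 'vars');
file_put_contents($file, $src);
include $file;
unlink($file);

foreach ($samples as $name => $value) {
    $ok = constant('CFG_' . $name) === $value
        && php_single_quoted($value) === var_export($value, true);
    echo 'CFG_' . $name . ': ' . ($ok ? 'round-trip ok' : 'MISMATCH') . "\n";
}
```
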
neoform Posted March 7, 2007

I had a feeling that was the case.. I just didn't want to take any chances, since this could potentially be a large security flaw..

Thanks