neoform
Posted March 7, 2007

Other than: < ? > ' " $ what else should I escape from a string if I'm to write it into a PHP file? I'm writing the following line to my vars.php file:

$file_contents .= "define('".$var_name."', base64_decode('".base64_encode($value)."'));\n";

I wanna get away from using base64 since it's completely unreadable, but I don't want to create an exploit either. ($var_name is already clean, only [A-Za-z\_] accepted.)

btherl
Posted March 7, 2007

Enclose your string in single quotes, then you only need to escape single quotes and backslashes. Nothing else. You might want to consider heredoc syntax as well, which doesn't require escaping.

http://www.php.net/manual/en/language.types.string.php#language.types.string.syntax.single

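The rule from the answer above (single-quoted literal, escape only backslashes and single quotes), as an added PHP example that is not part of the original posts. The function names and sample values are constructed for illustration; the generated file is included back to check that each constant round-trips unchanged.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

/** Render $value as a single-quoted PHP string literal. */
function php_single_quoted(string $value): string
{
    // Inside '...' PHP recognises only \\ and \' as escapes, so backslash and
    // single quote are the only characters that can alter or end the literal.
    return "'" . strtr($value, ["\\" => "\\\\", "'" => "\\'"]) . "'";
}

/** Build one define() line for the generated vars file. */
function define_line(string $name, string $value): string
{
    // The thread says $var_name is already restricted; enforce it at the sink too.
    if (!preg_match('/^[A-Za-z_]+$/', $name)) {
        throw new InvalidArgumentException('bad constant name');
    }
    return "define('" . $name . "', " . php_single_quoted($value) . ");\n";
}

// Constructed sample values, including ones that would break a naive writer.
$samples = [
    'SITE_TITLE' => "Bob's \"site\" <?php echo 1; ?> \$x",
    'WIN_PATH'   => 'C:\\temp\\',
    'BREAKOUT'   => "'); echo 'injected'; //",
    'TRAILING'   => "ends with backslash\\",
];

$code = "<?php\n";
foreach ($samples as $name => $value) {
    $code .= define_line($name, $value);
}

// Write the file, execute it, and compare every constant with its source value.
$file = tempnam(sys_get_temp_dir(), 'vars');
file_put_contents($file, $code);
include $file;
unlink($file);

foreach ($samples as $name => $value) {
    echo $name, ': ', constant($name) === $value ? 'ok' : 'MISMATCH', "\n";
}

// For this string the built-in var_export() emits the same literal form.
var_dump(var_export("Bob's", true) === php_single_quoted("Bob's"));
```
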
neoform
Posted March 7, 2007

I had a feeling that was the case. I just didn't want to take any chances, since this could potentially be a large security flaw. Thanks.