B.10. preg_replace( )

The preg_replace( ) function is useful for making string replacements that match a pattern. It can be extremely dangerous when tainted data reaches it, however, because the e modifier makes it treat the replacement parameter as PHP code: after the backreferences are substituted, the resulting string is evaluated. Tainted data in the subject is substituted into that code through the backreferences, tainted data in the replacement is the code, and tainted data used to construct the pattern can supply the e modifier itself, because the modifiers follow the closing delimiter inside the same pattern string.

When used with the e modifier, whether intentionally or not, it carries the same risk as eval( ). Every call to this function is a good candidate for inspection during a security audit or peer review. The e modifier was deprecated in PHP 5.5 and removed in PHP 7.0, where it produces an "Unknown modifier" warning and the call returns NULL; preg_replace_callback( ) provides the same capability without ever evaluating a string.
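The following is an added example, not code from the book, showing the two shapes an auditor looks for (tainted subject reaching an e-modifier replacement, and tainted data building the pattern) next to their hardened forms. The function names vulnerable( ), hardened( ), vulnerable_pattern( ) and hardened_pattern( ) are assumed for illustration; the /e branches only run on PHP before 7.0.

```php
<?php
// Added example (not from the book): the e modifier versus preg_replace_callback().
// The /e calls only work on PHP < 7.0; on 7.0+ they warn and return NULL.

// A typical "legitimate" use of /e: upper-case the word after "name=".
// The replacement is PHP source; \1 is substituted in, then the string is eval()'d.
$subject = 'name=alice';
$out = preg_replace('/name=(\w+)/e', 'strtoupper("\1")', $subject);
// $out is 'ALICE' because PHP evaluated the string  strtoupper("alice")

// Shape 1: the subject is tainted. Whatever matched group 1 is spliced into the
// code that gets evaluated. preg_replace() escapes ', ", \ and NUL in the
// backreference, but the text still lands inside a double-quoted PHP string,
// whose interpolation rules are far richer than a plain literal, so this is an
// eval() of attacker-influenced input.
function vulnerable(string $tainted): string
{
    return preg_replace('/name=(.+)/e', 'strtoupper("\1")', $tainted);
}

// Hardened form: no code is ever built from data. The callback receives the
// match array and returns plain text; nothing is evaluated.
function hardened(string $tainted): string
{
    return preg_replace_callback(
        '/name=(\w+)/',
        function (array $m): string {
            return strtoupper($m[1]);
        },
        $tainted
    );
}

// Shape 2: tainted data builds the pattern. The delimiter and the modifiers are
// part of the same string, so untrusted input here can close the pattern early
// and append its own modifiers, including e, turning a plain replacement into
// eval() of $replace.
function vulnerable_pattern(string $search, string $replace, string $subject): string
{
    return preg_replace('/' . $search . '/', $replace, $subject);
}

// Fix: preg_quote() escapes the delimiter and every regex metacharacter, so the
// caller's input can only ever be a literal to search for and can never reach
// the modifier position.
function hardened_pattern(string $search, string $replace, string $subject): string
{
    return preg_replace('/' . preg_quote($search, '/') . '/', $replace, $subject);
}

// Constructed sample input for the hardened versions.
var_dump(hardened('name=bob'));                       // string(8) "name=BOB"
var_dump(hardened_pattern('a.b', 'X', 'a.b axb'));    // string(5) "X axb"
```

For an audit, search the code base for every preg_replace( ) call and check two things: whether the pattern literal ends in a modifier set containing e, and whether any part of the pattern is concatenated from variables. The second case is the harder one, because the e modifier is not visible in the source at all; it arrives with the data.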




Essential PHP Security
ISBN: 059600656X
Year: 2005
Pages: 110