I only skimmed the article, but it doesn't appear to touch on security at all, Peter. The code fragment you sent the list will only insert the contents of an HTML page [$page is a variable] between the <div> tags.

If you're looking for security, try:

PHP Login System with Admin Features
http://evolt.org/node/60384

Jeffrey

--
Cheers.

Jeffrey Barke
jeffery.barke at theMechanism.com
Lead Developer, US
theMechanism - New York City
http://www.theMechanism.com

On May 15, 2007, at 5:34 PM, P Chen wrote:

> I was reading an old tutorial on A List Apart regarding building a PHP
> template based site using the following code to insert page-specific
> content, but wasn't sure if this was sufficient in terms of security. I
> don't know much about php security, so I'm hoping someone can shed light on
> this piece of code, what it's vulnerable to, etc...
>
> http://alistapart.com/articles/phpcms/
>
> <div class="body">
> <?php @ require_once ("$page.html"); ?>
> </div>
>
> Thanks,
> Peter
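
For the fragment quoted above, an added example (not from the A List Apart article or from either poster) of one way to constrain what the template can load. It assumes `$page` is taken from the query string, which the fragment itself does not show; `PAGES_DIR`, `ALLOWED_PAGES` and `resolve_page()` are hypothetical names, and the page list is constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical layout: content fragments live in ./pages/<name>.html
const PAGES_DIR = __DIR__ . '/pages';
// Constructed sample list; only these names may ever be loaded.
const ALLOWED_PAGES = ['home', 'about', 'contact'];

/**
 * Return the absolute path of the fragment for $requested,
 * or null when the name is not allowlisted or the file is missing.
 */
function resolve_page(string $requested): ?string
{
    // Exact, type-strict match against the fixed list; anything else is rejected.
    if (!in_array($requested, ALLOWED_PAGES, true)) {
        return null;
    }
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . $requested . '.html');
    if ($base === false || $path === false) {
        return null;
    }
    // Defence in depth: the resolved file must sit inside PAGES_DIR,
    // which also catches a symlink that points elsewhere.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Assumption: the page name arrives as ?page=...; default to 'home'.
$raw  = $_GET['page'] ?? 'home';
$path = is_string($raw) ? resolve_page($raw) : null;
if ($path === null) {
    http_response_code(404); // set the status before any output is sent
}
?>
<div class="body">
<?php
if ($path === null) {
    echo '<p>Page not found.</p>';
} else {
    // readfile() emits the fragment as static HTML; unlike require_once it
    // does not execute PHP inside the file, and no @ is hiding errors.
    readfile($path);
}
?>
</div>
```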