Gossamer Forum

Huge security hole in page.cgi?

Thought it might be useful to add a small amount of PHP to one of my Links SQL templates, in order to log the IP address of visitors. I didn't use the PHP template system because I understand that it's not complete yet.

So I simply changed the default build extension from html to php, and added a <? couple of lines of code ?> to the template.

In static mode it works just fine. But in dynamic mode, the PHP code doesn't get passed through apache so it's visible to anyone who does a View Source in their web browser. Complete with all the passwords for connecting to your database.

Be warned!

I fixed it by disabling dynamic mode, which I did by replacing page.cgi with a file that generates the necessary HTML for redirecting to the static site. Not ideal, but it'll do for now. I don't want my users using dynamic mode anyway, for performance reasons, but it's worrying if they can surf to page.cgi and see my PHP source code.

Rob.
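As an added example (not from the original post or from Gossamer Links itself), a small post-build check for the symptom described above: it flags any raw `<? ... ?>` blocks that survived into a page as served, plus any configured secret strings (such as the database password) that appear verbatim in the output. The sample template and outputs are constructed for illustration.

```python
from __future__ import annotations
import re

# A PHP block that reached the browser unprocessed: <? ... ?>, <?php ... ?> or <?= ... ?>.
# An <?xml ...?> declaration is legitimate markup, so it is excluded.
_PHP_TAG = re.compile(r"<\?(?!xml\b)(?:php\b|=)?.*?\?>", re.DOTALL)


def find_unprocessed_php(body: str) -> list[str]:
    """Return every raw PHP block found in a served page body."""
    return [m.group(0) for m in _PHP_TAG.finditer(body)]


def leaked_secrets(body: str, secrets: list[str]) -> list[str]:
    """Return those secrets (e.g. DB credentials) that appear verbatim in the body."""
    return [s for s in secrets if s and s in body]


def check_served_page(body: str, secrets: list[str]) -> dict:
    """Summarise whether a fetched page is safe to publish as-is."""
    php = find_unprocessed_php(body)
    leaks = leaked_secrets(body, secrets)
    return {"ok": not php and not leaks, "php_blocks": len(php), "leaked": leaks}


# Constructed sample: the same template as served in dynamic mode (raw) and
# static mode (PHP executed by the web server, so the tags are gone).
DYNAMIC_OUTPUT = (
    "<html><body>\n"
    "<? mysql_connect('localhost','links','s3cr3t'); ?>\n"
    "Hi\n</body></html>"
)
STATIC_OUTPUT = "<html><body>\n\nHi\n</body></html>"

if __name__ == "__main__":
    print(check_served_page(DYNAMIC_OUTPUT, ["s3cr3t"]))  # ok: False, 1 block, password leaked
    print(check_served_page(STATIC_OUTPUT, ["s3cr3t"]))   # ok: True
```

Run it against the body returned by page.cgi for a few pages after any template change; a non-empty `php_blocks` or `leaked` means the dynamic path is serving template source rather than rendered output.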
Re: [RobSchifreen] Huge security hole in page.cgi?
You could just use a global instead of the php code - much safer.
Re: [afinlr] Huge security hole in page.cgi?
Guess so. But I don't have time to learn perl right now. It would be handy if there was a simple guide available on how to read, write and search tables via a global. And I want it to work on static pages so it would have to use the $DB thing rather than standard perl DBI tutorial examples from general websites. I tried reading the module documentation but it makes no sense to me at all!

Rob.