by Kevin Schroeder | 12:00 am

Why you should be careful with phpinfo

I recently posted an image on why you shouldn’t put phpinfo() calls in your code.

There were a couple of comments from people asking “why not?”

Here’s why not.

Go to Google

Search for inurl:phpinfo

Check out the results

At the time of writing there were 4 pages on the first result page that were broadcasting their settings.

Here’s another fun one. Search for “inurl:phpinfo root”. Lots more.

There’s a bunch of information that you will see.
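A defensive check that follows from this, as an added example that is not part of the original post: a PHP 8 function that lists the lines of real phpinfo() calls in a source file, so they can be removed before the code is deployed. The function names and the sample input are constructed for illustration.

```php
<?php
// Added example, not from the original post. Assumes PHP 8 tokenizer output.
// Reports real phpinfo() calls; mentions in comments and strings are ignored.
// Returns the nearest non-whitespace, non-comment token in direction $step.
function significant(array $tokens, int $i, int $step)
{
    $skip = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    for ($i += $step; isset($tokens[$i]); $i += $step) {
        if (!is_array($tokens[$i]) || !in_array($tokens[$i][0], $skip, true)) {
            return $tokens[$i];
        }
    }
    return null;
}
// Returns the line numbers of global phpinfo() calls found in $source.
function findPhpinfoCalls(string $source): array
{
    $tokens = token_get_all($source);
    $notCalls = [T_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION, T_NEW];
    $lines = [];
    foreach ($tokens as $i => $tok) {
        if (!is_array($tok)) {
            continue; // single-character token such as ";" or "("
        }
        // PHP 8 emits "\phpinfo" as a single T_NAME_FULLY_QUALIFIED token.
        $isName = $tok[0] === T_STRING || $tok[0] === T_NAME_FULLY_QUALIFIED;
        if (!$isName || strtolower(ltrim($tok[1], '\\')) !== 'phpinfo') {
            continue;
        }
        $prev = significant($tokens, $i, -1);
        if (is_array($prev) && in_array($prev[0], $notCalls, true)) {
            continue; // method call, declaration or class name, not the builtin
        }
        if (significant($tokens, $i, 1) === '(') {
            $lines[] = $tok[2]; // line number of the call
        }
    }
    return $lines;
}
// Constructed sample input: only the last two lines are real calls.
$sample = <<<'PHP'
<?php
// phpinfo() in a comment is ignored
echo "phpinfo() in a string is ignored";
$obj->phpinfo();
phpinfo();
\phpinfo(INFO_GENERAL);
PHP;
print_r(findPhpinfoCalls($sample));
```

To check a real code base, pass the result of file_get_contents() for each .php file to findPhpinfoCalls() and treat any non-empty result as a finding.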
