On Wed, 25 Jul 2001, Jason Thomas wrote: > not that I know of, but I would suggest turning on tainted mode and > passing all external variables through a regex. , those that are set by the client. DOCUMENT_ROOT is set by the server, so it's just unneccessary overhead. you can of course do that, but if you don't trust your webserver, why are you running it at the first place ? :> -- [-] "you're wasting my time, chatterbox."