Quote Originally Posted by Stormrider View Post
I would be extremely careful with that, that code will enable anyone to run any function they like on your server. Validate the function against a whitelist of allowed functions before calling it.
Perhaps, it can be done like this:
(wrote some quick validations)
Code:
<?php 
$fun = $_GET['fun']; 

if (empty($fun)) { 
standard(); 
} 
else 
{
if($fun != "function1" || $fun != "function2" || $fun != "standard") {
echo "do not mess with the code";
} else {
$fun();
} 
}
 
function standard() { 
echo "<a href=\"?fun=function1\">call function 1</a>";
echo "<a href=\"?fun=function2\">call function 2</a>";
} 
function function1() { 
if($fun != "function1"){ 
 echo "do not mess with the code";
} else {

 echo "this shows function one";
}   
function function2() { 

if($fun != "function2"){ 
 echo "do not mess with the code";
} else {
 echo "this shows function two";
}
}
 
?>
Or isn't this safe?