in reply to CGI Security and the null byte problem
speaking of null byte problems, i was once bit while trying to do join("\0", array('a', 'b', 'c')) in some PHP code.
it doesn't work!
the result is (in hex):61 62 63 00 00
one could say, perhaps, that there is a moral to all this...use perl;
for those to whom it isn't apparent, the correct result (which are easily produced by the equivalent Perl, join "\0", qw(a b c)) is:61 00 62 00 63