Does any page on your site do an include() or require() based on a URL or form value? If so, if you do not properly validate/filter that value, it's relatively easy to make the page include a remote file that could do all sorts of things, such as injecting links into all of your pages. (This is one reason that many hosts disable the allow_url_fopen PHP option.)
"Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
~ Terry Pratchett in Nation
well, i do have to get data from the dabase. but i checked the database for any erroneous injections but did not find anything fishy..
regarding includes, i have used includes but that is for my functions wit a file on my own server..havn't used require() though..
thanx for your replies friends..i wish my problem is solved as soon as possible..waiting for further replies