Load XML from External Domains

I was looking at http://www.kirupa.com/web/load_xml.htm and it is a very bad example!

One should use readfile() instead of include(). Then the <? ?> tags will not be executed as PHP. Using include opens up all kinds of security issues: What if someone passed a URL they controlled? Then they could run arbitrary code on your server!

The comment “I[FONT=Arial][SIZE=2]f that tag is included in the XML-file, it will cause a PHP parse error, since php will treat everything within the <? and ?> as PHP-code” should have sent off alarm bells.

Also, if you turn off short_open_tags then <? will be ignored and you’ll require <?php ?> for all PHP code.