=&{()}"]; //Other functions properly perform HTML output encoding (e.g. fopen) fopen("'';!--\"=&{()}", "r"); ?>