[nycphp-talk] $_SERVER['PHP_SELF'} not working?
Matt Juszczak
matt at atopia.net
Thu Jul 21 11:22:10 EDT 2005
Great, and all my old systems use $_SERVER['PHP_SELF'] in the <form
method="action" post="..."> ....................
csnyder wrote:
>This also means that if you use $_SERVER['PHP_SELF'] as the url for a
><form> action, you'd better make sure you filter it using
>htmlentities(). One urlencoded doublequote would open you up to a
>cross-site scripting attack.
>
>You really did open a can of worms, Michael!
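
An added example, not part of either message: the htmlentities() filtering csnyder describes, applied to a constructed PHP_SELF value that contains a double quote. `attr_escape()` and `form_open()` are hypothetical helper names, and the sample paths are made up.

```php
<?php
// Added example (not from the thread). Sample values below are constructed.

/** Escape a string for use inside a quoted HTML attribute. */
function attr_escape(string $value): string
{
    // ENT_QUOTES covers both " and '; name the charset explicitly.
    return htmlentities($value, ENT_QUOTES, 'UTF-8');
}

/** Hypothetical helper: opening tag of a form that posts back to the same script. */
function form_open(string $self, bool $escape): string
{
    $action = $escape ? attr_escape($self) : $self;
    return '<form method="post" action="' . $action . '">';
}

// On a live request this would be $_SERVER['PHP_SELF'].
$samples = [
    '/contact.php',                    // ordinary request
    '/contact.php/"><b>injected</b>',  // trailing path text after a decoded %22
];

foreach ($samples as $self) {
    echo "PHP_SELF : ", $self, PHP_EOL;
    echo "raw      : ", form_open($self, false), PHP_EOL;
    echo "escaped  : ", form_open($self, true), PHP_EOL, PHP_EOL;
}
```

In the raw line for the second sample the double quote ends the action attribute early and the rest is parsed as markup; in the escaped line it becomes `&quot;` and the whole value stays inside the attribute.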