[nycphp-talk] $_SERVER['PHP_SELF'} not working?
Daniel Convissor
danielc at analysisandsolutions.com
Thu Jul 21 19:42:00 EDT 2005
Hi Matt:
On Thu, Jul 21, 2005 at 04:52:18PM -0400, Matt Juszczak wrote:
> is it now crucial to switch this to:
>
> <form method="post" action="<?PHP echo basename($_SERVER['PHP_SELF']);
> ?>">
No, for two reasons:
1) basename() doesn't buy you any security from HTML injection.
2) PHP_SELF is pointless, since the form will act the same way if you just
leave the action blank.
So, just do this:
<form method="post" action="">
--Dan
--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409
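
Added example, not part of the original message: a PHP sketch comparing the form tag produced by the basename() approach from the quoted question, by HTML-encoding the value, and by the blank action recommended in the reply. The `$phpSelf` value is constructed, the helper function names are hypothetical, and the htmlspecialchars() variant is included only for comparison.

```php
<?php
// Added example, not from the original thread.
// Constructed value: PHP_SELF includes any extra path info that a request
// appends after the script name, so it can carry characters like " < >.
$phpSelf = '/forms/contact.php/"><hr id="injected';

// Hypothetical helper: the approach from the quoted question.
// basename() only strips directory components; it does no HTML encoding.
function action_basename(string $self): string {
    return '<form method="post" action="' . basename($self) . '">';
}

// Hypothetical helper: output encoding for an HTML attribute value.
function action_escaped(string $self): string {
    return '<form method="post" action="'
        . htmlspecialchars($self, ENT_QUOTES, 'UTF-8') . '">';
}

// Hypothetical helper: the form from the reply. No request-derived data
// is echoed, so there is nothing to encode.
function action_blank(): string {
    return '<form method="post" action="">';
}

// A well-formed tag from these helpers has exactly one '<', one '>' and
// four double quotes; anything else means the value escaped the attribute.
function breaks_out_of_attribute(string $tag): bool {
    return substr_count($tag, '<') !== 1
        || substr_count($tag, '>') !== 1
        || substr_count($tag, '"') !== 4;
}

$variants = [
    'basename()'         => action_basename($phpSelf),
    'htmlspecialchars()' => action_escaped($phpSelf),
    'blank action'       => action_blank(),
];

foreach ($variants as $label => $tag) {
    printf("%-20s %s\n  breaks out of attribute: %s\n",
        $label, $tag, breaks_out_of_attribute($tag) ? 'yes' : 'no');
}
```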