Posts posted by aneeshrp
http://php.net says:
"$_SERVER is an array containing information such as headers, paths, and script locations. The entries in this array are created by the web server. There is no guarantee that every web server will provide any of these; servers may omit some, or provide others not listed here. That said, a large number of these variables are accounted for in the CGI/1.1 specification, so you should be able to expect those."
However, you could try the following:
1. Use "" in the form's action attribute. From my understanding, leaving the action blank (action="") is not proper and still open to XSS attacks.
or
Use the __FILE__ constant with basename():
<form method="post" name="helloworld" action="<?php echo basename( __FILE__ );?>">
  <input type="submit" name="submit" value="Submit" />
</form>
-
Hi Guys,
Hope all of you are doing well.
Is it possible to convert PowerPoint to an HTML file using PHP? If so, how can we do that? Please help me, it's an immediate requirement.
Thanks in advance
Aneesh R
Getting parameters from a query
in PHP Coding Help
Posted
You have to escape the string when you assign the query to $aStatement. Normally in PHP apps, the data part for the query will be taken from $_GET or $_POST. It is always advised to escape the string before executing it in the DB.
Alternatively, you can make use of PHP's array_map function at the start of your code to escape the strings.
// mysql_real_escape_string() needs the legacy mysql extension (removed in PHP 7.0) and an open connection.
$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);