IrOnMaSk
Posted July 27, 2011

Alright guys,

So using
<?php echo $_SERVER ['PHP_SELF']; ?>
is not safe because it opens itself to XSS attack... What do you guys use in place of that? I've been using it forever...

Pikachu2000
Posted July 27, 2011

action=""
action="#"
action="actual_name_of_script.php"

AyKay47
Posted July 27, 2011

I normally use either "#", $_SERVER['SCRIPT_FILENAME'], or $_SERVER['SCRIPT_NAME'] if I don't use the file name itself, that is, "file.php".

Note that using $_SERVER indices will require your server to have them configured.

IrOnMaSk
Posted July 27, 2011

Thanks guys, so making sure I'm getting it right... both of you are using the 'script_file_name', so if I'm referencing to itself and the file I'm coding in is named form.php, the 'script_file_name' would be 'form.php'?

<?php echo $_SERVER ['form.php']; ?>

and that code is in that form, form.php.

Thanks for the input.

marcus
Posted July 27, 2011

You would just use HTML, no need for PHP.

<form method="post" action="form.php">

AyKay47
Posted July 27, 2011

> Thanks guys, so making sure I'm getting it right... both of you are using the 'script_file_name', so if I'm referencing to itself and the file I'm coding in is named form.php, the 'script_file_name' would be 'form.php'?
>
> <?php echo $_SERVER ['form.php']; ?>
>
> and that code is in that form, form.php.
>
> Thanks for the input.

Nooo, it would be either

<?php echo $_SERVER ['SCRIPT_NAME']; ?>

or

action="file.php"

http://php.net/manual/en/reserved.variables.server.php

IrOnMaSk
Posted July 27, 2011

Ah gotcha!!! Thanks
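
Added example, not part of the original thread: it compares the form actions discussed above when the request URL carries extra path text after the script name. The `$server` array is a constructed stand-in for `$_SERVER`, and `attr()` and `is_single_form_tag()` are hypothetical helper names; it assumes the web server passes trailing path info through to PHP.

```php
<?php
// Constructed stand-in for $_SERVER on a request to:
//   /form.php/"><b>injected</b>
// Assumption: the server hands trailing path info to PHP, so PHP_SELF
// carries it (URL-decoded) while SCRIPT_NAME holds only the script path.
$server = [
    'SCRIPT_NAME' => '/form.php',
    'PHP_SELF'    => '/form.php/"><b>injected</b>',
];

// Hypothetical helper: encode a value for use inside a quoted HTML attribute.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: true only if the output is still one <form> tag,
// i.e. the action value contains no raw quote or angle bracket.
function is_single_form_tag(string $html): bool
{
    return preg_match('/^<form method="post" action="[^"<>]*">$/', $html) === 1;
}

$variants = [
    'PHP_SELF, raw'        => $server['PHP_SELF'],          // pattern from the first post
    'PHP_SELF, encoded'    => attr($server['PHP_SELF']),    // markup safe, odd target URL
    'SCRIPT_NAME, encoded' => attr($server['SCRIPT_NAME']), // no path info to reflect
    'empty action'         => '',                           // posts to the current URL
    'hard-coded name'      => 'form.php',                   // no request data involved
];

foreach ($variants as $label => $action) {
    $tag = '<form method="post" action="' . $action . '">';
    printf(
        "%-22s %-7s %s\n",
        $label,
        is_single_form_tag($tag) ? 'intact' : 'BROKEN',
        $tag
    );
}
```

Only the raw `PHP_SELF` row is reported as BROKEN, because the quote in the path closes the `action` attribute early and the rest of the path is parsed as markup.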