IrOnMaSk, posted July 27, 2011

Alright guys, so using <?php echo $_SERVER ['PHP_SELF']; ?> is not safe because it opens itself to XSS attacks... What do you guys use in place of that? I've been using it forever...

Pikachu2000, posted July 27, 2011

action=""
action="#"
action="actual_name_of_script.php"

AyKay47, posted July 27, 2011

I normally use either "#", $_SERVER['SCRIPT_FILENAME'], or $_SERVER['SCRIPT_NAME'], if I don't use the file name itself, that is: "file.php". Note that using $_SERVER indices will require your server to have them configured.

IrOnMaSk (Author), posted July 27, 2011

Thanks guys, so making sure I'm getting it right... both of you are using the 'script_file_name', so if I'm referencing itself and the file I'm coding in is named form.php, the 'script_file_name' would be 'form.php'? <?php echo $_SERVER ['form.php']; ?> and that code is in that form, form.php. Thanks for the input.

marcus, posted July 27, 2011

You would just use HTML, no need for PHP.

<form method="post" action="form.php">

AyKay47, posted July 27, 2011

> Thanks guys, so making sure I'm getting it right... both of you are using the 'script_file_name', so if I'm referencing itself and the file I'm coding in is named form.php, the 'script_file_name' would be 'form.php'? <?php echo $_SERVER ['form.php']; ?> and that code is in that form, form.php. Thanks for the input.

Nooo, it would be either <?php echo $_SERVER ['SCRIPT_NAME']; ?> or action="file.php"

http://php.net/manual/en/reserved.variables.server.php

IrOnMaSk (Author), posted July 27, 2011

Ah, gotcha!!! Thanks.
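
The options raised in this thread, side by side, as an added example that is not code from any poster here. The $_SERVER values are constructed to mimic a request with extra path text after the script name, and the function names and the single-tag check are illustrative assumptions.

```php
<?php
// Added example, not code from the thread. Values below are constructed:
// PHP_SELF carries any extra path after the script name, SCRIPT_NAME does not.
$server = [
    'PHP_SELF'    => '/form.php/"><b>injected</b>',
    'SCRIPT_NAME' => '/form.php',
];

// Pattern from the first post: PHP_SELF echoed raw into the attribute.
function form_raw_self(array $s): string
{
    return '<form method="post" action="' . $s['PHP_SELF'] . '">';
}

// PHP_SELF kept, but escaped for an HTML attribute on output.
function form_escaped_self(array $s): string
{
    $action = htmlspecialchars($s['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// SCRIPT_NAME, still escaped on output. SCRIPT_FILENAME is an absolute
// filesystem path rather than a URL, so it is not used as an action here.
function form_script_name(array $s): string
{
    $action = htmlspecialchars($s['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// Crude check for this demo: the output must still be exactly one tag.
function is_single_tag(string $html): bool
{
    return substr_count($html, '<') === 1 && substr_count($html, '>') === 1;
}

$variants = [
    'raw PHP_SELF'     => form_raw_self($server),
    'escaped PHP_SELF' => form_escaped_self($server),
    'SCRIPT_NAME'      => form_script_name($server),
    // Hard-coded action: no request data reaches the markup at all.
    'literal'          => '<form method="post" action="form.php">',
];
foreach ($variants as $name => $html) {
    printf("%-17s %-6s %s\n", $name, is_single_tag($html) ? 'ok' : 'BROKEN', $html);
}
```

Only the raw PHP_SELF variant lets the request path close the action attribute and add markup of its own; the escaped variant keeps the tag intact but still submits to the path the client supplied.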