  1. #1
    SitePoint Evangelist
    Join Date
    Jun 2005
    Posts
    436
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    $_SERVER['PHP_SELF'] That appends URL Variables?

    I'm using php_self for my form action and I lose the URL variables whenever the form is submitted. Are there any alternatives besides adding them manually?

    Thanks,
    e39m5

  2. #2
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
    $_SERVER['QUERY_STRING']
    Might have forgotten the correct key...
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  3. #3
    SitePoint Evangelist
    Join Date
    Jan 2005
    Posts
    502
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I would be careful about using $_SERVER['PHP_SELF'] and the like, as it leaves you open to XSS attacks.

  4. #4
    ✯✯✯ silver trophybronze trophy php_daemon's Avatar
    Join Date
    Mar 2006
    Posts
    5,284
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Yep, so most likely you wanna use htmlentities or strip_tags on them.
    Saul

  5. #5
    SitePoint Evangelist
    Join Date
    Jun 2005
    Posts
    436
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    So the best method is to type out the URL and append the variables manually?

    Thanks
    e39m5

  6. #6
    ✯✯✯ silver trophybronze trophy php_daemon's Avatar
    Join Date
    Mar 2006
    Posts
    5,284
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    It's always the most secure, and is of course the best way secure-wise. But we don't wanna enter hundreds of URLs manually, so as long as you validate the input, you're ok. Those two functions can do the job.
    Saul

  7. #7
    SitePoint Evangelist
    Join Date
    Jun 2005
    Posts
    436
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I was only a few pages in development, now I'm just defining a $self variable in the first few lines of each page and before I include my header (which has a form where $self needs to be defined). Seems to be working well.

    e39m5
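
The advice in this thread, as an added example that is not code from any of the posters: a form action that keeps selected URL variables without echoing `$_SERVER['PHP_SELF']` raw. The function name `form_action()`, its `$allowed` allow-list and the sample request values are assumptions constructed for illustration.

```php
<?php
// Added example: constructed request values stand in for a real request.
// form_action() and $allowed are hypothetical names, not from the thread.

/**
 * Build an HTML-attribute-safe form action for the current script,
 * keeping only the query parameters named in $allowed.
 */
function form_action(array $server, array $query, array $allowed): string
{
    // SCRIPT_NAME is the path of the executing script; unlike PHP_SELF it
    // does not include client-supplied trailing path info.
    $path = $server['SCRIPT_NAME'] ?? '/';

    // Validate the input: keep only expected, scalar parameters.
    $keep = [];
    foreach ($allowed as $name) {
        if (isset($query[$name]) && is_scalar($query[$name])) {
            $keep[$name] = (string) $query[$name];
        }
    }

    // http_build_query() URL-encodes parameter names and values.
    $url = $path . ($keep ? '?' . http_build_query($keep) : '');

    // Escape for the HTML attribute context at output time
    // (htmlentities, as suggested in the thread).
    return htmlentities($url, ENT_QUOTES, 'UTF-8');
}

// Constructed sample: a request whose path info and one parameter carry markup.
$server = [
    'SCRIPT_NAME' => '/list.php',
    'PHP_SELF'    => '/list.php/"><b>x',
];
$query = ['page' => '2', 'sort' => 'name', 'junk' => '"><i>'];

// Pattern the thread warns about: PHP_SELF echoed raw closes the attribute early.
echo '<form action="' . $server['PHP_SELF'] . '" method="post">', "\n";

// Hardened: fixed script path, allow-listed variables, escaped on output.
echo '<form action="' . form_action($server, $query, ['page', 'sort'])
    . '" method="post">', "\n";
```

In a real page the call would be `form_action($_SERVER, $_GET, [...])`, with the allow-list naming only the URL variables that page expects.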

