Thread: $php_self?

  1. #1
    SitePoint Enthusiast
    Join Date
    Oct 2008
    Location
    England
    Posts
    80
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    $php_self?

    What is the difference between calling the same page name and using php_Self within a form action?

    For example, in the form action of the contact.php page, adding the name of the page manually, i.e. action="contact.php", and action =<?php $PHP_SELF ?> ?

  2. #2
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    You mean $_SERVER['PHP_SELF']; the other form is, well, dead. The difference is... PHP_SELF is vulnerable to XSS attacks while hard-coding is not.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  3. #3
    SitePoint Enthusiast
    Join Date
    Oct 2008
    Location
    England
    Posts
    80
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    So $_SERVER['PHP_SELF'] offers no value at all?

  4. #4
    SitePoint Guru deepM's Avatar
    Join Date
    Dec 2007
    Location
    India
    Posts
    705
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally posted by tdsmithj:
    so $_SERVER['PHP_SELF'] offers no value at all?
    What does that mean?


    As logic_earth said, the difference is that it is vulnerable. As the name itself suggests (PHP_SELF), it'll be the filename of the currently executing script.

  5. #5
    SitePoint Addict
    Join Date
    Oct 2008
    Posts
    295
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It is useful if someday the paths or the filenames of your application are changed. Then you don't need to manually change the paths/filenames everywhere. Also, use $_SERVER['SCRIPT_NAME'] instead of PHP_SELF because PHP_SELF is vulnerable to XSS attacks.
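
Why the replies treat PHP_SELF and SCRIPT_NAME differently, as an added example that is not part of the original thread: PHP_SELF includes any extra path segments that follow the script name in the requested URL, while SCRIPT_NAME does not. The `$request` array is a constructed stand-in for `$_SERVER` so the script runs from the CLI, and the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

// The pattern asked about in post #1: PHP_SELF written straight into the attribute.
function action_unsafe(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// PHP_SELF, HTML-escaped for use inside a double-quoted attribute.
function action_escaped(array $server): string
{
    $self = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $self . '">';
}

// SCRIPT_NAME, as post #5 suggests. It is still escaped because it is output.
function action_script_name(array $server): string
{
    $name = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $name . '">';
}

// Constructed values modelling a request whose URL carries extra path
// segments after contact.php. PHP_SELF is SCRIPT_NAME followed by PATH_INFO,
// so the client controls everything after the script name.
$request = [
    'SCRIPT_NAME' => '/contact.php',
    'PATH_INFO'   => '/"><b>injected</b>',
    'PHP_SELF'    => '/contact.php/"><b>injected</b>',
];

foreach (['action_unsafe', 'action_escaped', 'action_script_name'] as $fn) {
    $html = $fn($request);
    // A well-formed tag contains exactly one raw `">`: its own ending.
    // A second one means the value closed the attribute and the tag early.
    $brokenOut = substr_count($html, '">') > 1;
    printf("%-20s %s\n  value escapes the attribute: %s\n", $fn, $html, $brokenOut ? 'yes' : 'no');
}
```

Only the first variant lets the request path close the `action` attribute and add markup of its own; a hard-coded `action="contact.php"` behaves like the SCRIPT_NAME variant because no request data reaches the page.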

