Reply to Re: Need expert help with advanced form Submit question


Posted by Jonathan N. Little on 10/20/07 03:50

BootNic wrote:
> "Jonathan N. Little" <lws4art@centralva.net> wrote:
> news:b7604$47190931$40cba7cb$32210@NAXS.COM:
>
>> BootNic wrote:
>>> "Jonathan N. Little" <lws4art@centralva.net> wrote:
>>> news:46b3f$4718be9b$40cba7cb$16012@NAXS.COM:

>>>> <form method="post" action="<?php echo $sanitized; ?>">
>>> $_SERVER["SCRIPT_NAME"] may be an alternative.
>>>
>> Yes, but you would lose any legitimate query string parameters if this
>> was a GET process.
>
> Where would it go?
>
> $_GET perhaps
>

Duh! Of course. $_SERVER["SCRIPT_NAME"] also ensures trailing characters
are not parsed and removes that method of XSS. Also, if the server has
magic quotes enabled, that helps.


--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
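
The approach discussed in this post, as an added example that is not part of the original thread: build the form action from `$_SERVER["SCRIPT_NAME"]`, re-attach only the expected `$_GET` parameters, and escape the result for the HTML attribute. The function name `form_action`, the `page` parameter and the sample request values are constructed for illustration.

```php
<?php
// Added example, not code from the thread.
// $server/$get are parameters so constructed input can be passed in.
function form_action(array $server, array $get, array $allowed): string
{
    // SCRIPT_NAME is the script path only; PHP_SELF would also carry
    // any trailing path info the client appended after the script name.
    $path = $server['SCRIPT_NAME'] ?? '';

    // Keep only expected GET parameters, and only scalar values.
    $keep = [];
    foreach ($allowed as $name) {
        if (isset($get[$name]) && is_scalar($get[$name])) {
            $keep[$name] = (string) $get[$name];
        }
    }

    $url = $path;
    if ($keep) {
        // http_build_query() percent-encodes names and values.
        $url .= '?' . http_build_query($keep, '', '&', PHP_QUERY_RFC3986);
    }

    // Escape for the HTML attribute context as the last step.
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}

// Constructed request: /form.php/"><b>trailing?page=2&x="><i>
$server = [
    'PHP_SELF'    => '/form.php/"><b>trailing',
    'SCRIPT_NAME' => '/form.php',
];
$get = ['page' => '2', 'x' => '"><i>'];

$action = form_action($server, $get, ['page']);
?>
<form method="post" action="<?php echo $action; ?>">
  <input type="submit" value="Send">
</form>
```

With the constructed request, the trailing path and the unexpected `x` parameter never reach the markup; only `/form.php?page=2` is emitted as the action.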
