Reply to Re: [PHP] passing a variable with php_self

Your name:

Reply:


Posted by Jeffrey Sambells on 10/03/05 18:51

>>
>> can someone show me the right way to do the following...
>>
>> <a href="<?=$PHP_SELF?action=bigger; ?>">
>>
>>
>> I want to pass a variable to a self submitting link.
>>
>> Thanks,
>>
>>
>
> <a href="<? echo $_SERVER['PHP_SELF'].'?action=bigger';?>">


$PHP_SELF should not be used because it will not work without
register_globals being enabled. Rather, you should use $_SERVER
['PHP_SELF'] for it as above however...

Don't forget to check for XSS! Using PHP_SELF you could simply change
the URL in the browser to:

/path/to/script.php"><script>alert('hello');</script><b "

so always run on htmlspecialchars on PHP_SELF!

<a href="<? echo htmlspecialchars($_SERVER['PHP_SELF']).'?
action=bigger';?>">

-Jeff

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jeffrey Sambells
Director of Research and Development
Zend Certified Engineer (ZCE)

We-Create Inc.
jeff@wecreate.com email
519.745.7374 office
519.897.2552 mobile

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Get Mozilla Firefox at
http://spreadfirefox.com

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация