Posted by Jeffrey Sambells on 10/03/05 18:51
>>
>> can someone show me the right way to do the following...
>>
>> <a href="<?=$PHP_SELF?action=bigger; ?>">
>>
>>
>> I want to pass a variable to a self submitting link.
>>
>> Thanks,
>>
>>
>
> <a href="<? echo $_SERVER['PHP_SELF'].'?action=bigger';?>">
$PHP_SELF should not be used because it will not work without
register_globals being enabled. Rather, you should use
$_SERVER['PHP_SELF'] for it, as above; however...
Don't forget to check for XSS! Using PHP_SELF you could simply change
the URL in the browser to:
/path/to/script.php"><script>alert('hello');</script><b "
so always run htmlspecialchars on PHP_SELF!
<a href="<? echo htmlspecialchars($_SERVER['PHP_SELF']).'?action=bigger';?>">
-Jeff
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jeffrey Sambells
Director of Research and Development
Zend Certified Engineer (ZCE)
We-Create Inc.
jeff@wecreate.com email
519.745.7374 office
519.897.2552 mobile
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Get Mozilla Firefox at
http://spreadfirefox.com
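
Added example, not part of the original post: the tampered path from the message above rendered into the link both unescaped and escaped, so the difference in the emitted HTML is visible. The helper name `self_link` and the hard-coded `$tampered` value are constructed for illustration; in a real request the value would come from `$_SERVER['PHP_SELF']`.

```php
<?php
// Constructed sample: what PHP_SELF contains when the URL is changed
// the way the post describes.
$tampered = "/path/to/script.php\"><script>alert('hello');</script><b \"";

/**
 * Hypothetical helper: build a self-referencing URL and escape the whole
 * thing for use inside an HTML attribute.
 */
function self_link(string $phpSelf, array $params = []): string
{
    $url = $phpSelf;
    if ($params) {
        // http_build_query() URL-encodes each parameter name and value.
        $url .= '?' . http_build_query($params);
    }
    // ENT_QUOTES also encodes single quotes, so the result is safe in
    // both "..." and '...' attributes; '&' between parameters becomes
    // '&amp;', which is the correct form inside an attribute.
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}

// Unescaped: the quote in the path closes href and the <script> tag
// becomes part of the page markup.
$unsafe = '<a href="' . $tampered . '?action=bigger">';

// Escaped: the same bytes stay inside the attribute value as text.
$attr = self_link($tampered, ['action' => 'bigger']);
$safe = '<a href="' . $attr . '">';

echo "unescaped: $unsafe\n";
echo "escaped:   $safe\n";

// Check: no raw quote or angle bracket survives in the attribute value.
if (strpbrk($attr, "\"'<>") !== false) {
    fwrite(STDERR, "attribute value still contains markup characters\n");
    exit(1);
}
echo "attribute value contains no raw quotes or angle brackets\n";
```

In a web request, `$_SERVER['SCRIPT_NAME']` does not include the trailing path info that `PHP_SELF` does, but whichever value is used should still be escaped on output.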