On Tue, Jan 13, 2009 at 5:27 PM, Ashley Sheridan
<a...@ashleysheridan.co.uk> wrote:
> On Tue, 2009-01-13 at 13:29 -0500, Eric Butera wrote:
>> On Tue, Jan 13, 2009 at 1:14 PM, Jason Pruim <japr...@raoset.com> wrote:
>> >
>> > On Jan 13, 2009, at 9:46 AM, Ashley Sheridan wrote:
>> >
>> >> On Tue, 2009-01-13 at 09:33 -0500, tedd wrote:
>> >>>
>> >>> At 2:33 PM +0000 1/13/09, Ashley Sheridan wrote:
>> >>>>
>> >>>> On Tue, 2009-01-13 at 09:20 -0500, tedd wrote:
>> >>>>>
>> >>>>>  Jason:
>> >>>>>
>> >>>>>  In addition to what everyone else has said, try this:
>> >>>>>
>> >>>>>  $self = basename($_SERVER['SCRIPT_NAME']);
>> >>>>>
>> >>>>>  I use it for forms -- you might find it useful.
>> >>>>>
>> >>>>>  Cheers,
>> >>>>>
>> >>>>>  tedd
>> >>>>>  --
>> >>>>>  -------
>> >>>>>  http://sperling.com  http://ancientstones.com  http://earthstones.com
>> >>>>>
>> >>>> No need to use it on forms, as leaving the action attribute empty means
>> >>>> the form sends to itself anyway.
>> >>>>
>> >>>> Ash
>> >>>
>> >>>
>> >>> Ash:
>> >>>
>> >>> That's what I've said for years, but (I think it was on this list,
>> >>> but too lazy to look) there was a concern that some browsers may not
>> >>> follow that default behavior.
>> >>>
>> >>> However, using what I provided will work regardless.
>> >>>
>> >>> Cheers,
>> >>>
>> >>> tedd
>> >>>
>> >>> --
>> >>> -------
>> >>> http://sperling.com  http://ancientstones.com  http://earthstones.com
>> >>>
>> >> I've not yet seen a browser that doesn't do this, and it's pretty old
>> >> HTML really, so I don't see a reason why any new browsers wouldn't
>> >> incorporate it.
>> >
>> > I prefer to be specific in my programming :)
>> >
>> > What I typically do with self submitting forms is:
>> > <?PHP
>> > $self = $_SERVER['PHP_SELF'];
>> >
>> >
>> > echo <<<HTML
>> >        <form method="post" action="{$self}">
>> > ...
>> >
>> > </form>
>> > HTML;
>> > ?>
>> >
>> > But to each his (Or her) own right?
>> >
>> >
>> > --
>> > Jason Pruim
>> > japr...@raoset.com
>> > 616.399.2355
>> >
>> >
>> >
>> >
>>
>> You know that's asking for xss, right?
> How would you go about XSS on this? As I see it, you'd need
> register_globals on for that to work.
>
>
> Ash
> www.ashleysheridan.co.uk
>
>

Read the examples in the link I provided.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
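
The XSS concern raised in this thread, shown as an added example that is not part of any poster's message: $_SERVER['PHP_SELF'] can carry whatever path text follows the script name in the requested URL, so echoing it into action="..." unescaped lets that text close the attribute. The function names and the sample request values below are constructed for illustration.

```php
<?php
// Added example (not code from the thread). All request values are constructed.

// The pattern quoted above: PHP_SELF goes into the attribute verbatim.
function form_action_raw(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// Same value, HTML-escaped for a double-quoted attribute context.
function form_action_escaped(array $server): string
{
    $self = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $self . '">';
}

// tedd's variant: SCRIPT_NAME holds only the script path, without the
// trailing path info. Escaping is kept anyway as defence in depth.
function form_action_script_name(array $server): string
{
    $self = htmlspecialchars(basename($server['SCRIPT_NAME']), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $self . '">';
}

// Constructed sample of what PHP would populate when extra path text
// containing markup is appended after /contact.php in the URL.
$server = [
    'SCRIPT_NAME' => '/contact.php',
    'PATH_INFO'   => '/"><i>injected</i>',
    'PHP_SELF'    => '/contact.php/"><i>injected</i>',
];

$variants = ['form_action_raw', 'form_action_escaped', 'form_action_script_name'];
foreach ($variants as $fn) {
    $html = $fn($server);
    // If the literal "<i>" survives, the path text became markup in the page.
    $status = (strpos($html, '<i>') !== false) ? 'markup injected' : 'inert';
    echo str_pad($fn, 26), str_pad($status, 18), $html, PHP_EOL;
}
```

Only the raw variant lets the appended text leave the attribute; register_globals plays no part in it.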
