Hi gang:

Okay, so,what's the "best" (i.e., most secure) way for your script to identify itself *IF* you plan on using that information later, such as the value in an action attribute in a form?

For example, I was using:

$self = basename($_SERVER['SCRIPT_NAME']);

<form name="my_form" action="<?php echo($self); ?>" method="post" >

However, that was susceptible to XSS.


says a simple action="#" would work.

But is there a better way?

What would do you do solve this?




PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to