So sorry Tedd,
I was typing away with the rest of that and after hitting send I
notice all I sent was the define.
define('PAGE_1', 1);
I use define because sometimes I want o know what script included another
and if that script does not have a defined value I do not allow it to run.
Just be careful I noticed with integers it will fail to hold the value if it
has a leading zero.
Richard L. Buskirk
-----Original Message-----
From: tedd [mailto:t...@sperling.com]
Sent: Saturday, May 21, 2011 10:11 AM
To: PHP General
Subject: [PHP] Script ID?
Hi gang:
Okay, so,what's the "best" (i.e., most secure) way for your script to
identify itself *IF* you plan on using that information later, such
as the value in an action attribute in a form?
For example, I was using:
$self = basename($_SERVER['SCRIPT_NAME']);
<form name="my_form" action="<?php echo($self); ?>" method="post" >
However, that was susceptible to XSS.
http://www.mc2design.com/blog/php_self-safe-alternatives
says a simple action="#" would work.
But is there a better way?
What would do you do solve this?
Cheers,
tedd
--
-------
http://sperling.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
