For the sake of legibility you could always assign the contents of
$_SERVER['PHP_SELF'] to another variable before using it in the print


$PHP_SELF = $_SERVER['PHP_SELF'];
print "<LI><A HREF='$PHP_SELF?letter=$chars[$cnt]'>";

Shouldn't be a problem security-wise as long as register_globals is off.
Even if somebody tried to pass an arbitrary value to PHP_SELF in the query
string, it would only show up in $_GET['PHP_SELF']. It also provides a quick
way to bring pre-4.1.2 scripts relying on the old global $PHP_SELF up to


> -----Original Message-----
> From: 1LT John W. Holmes [mailto:[EMAIL PROTECTED]]
> Sent: Monday, April 29, 2002 8:30 AM
> Subject: Re: [PHP] _SERVER variable insd prnt sttmnt
> > > // print "<LI><A HREF='$_SERVER['PHP_SELF']?letter=$chars[$cnt]'>" .
> This is the problem with not breaking out of a string to display
> a variable.
> Ideally, you would do it this way:
> print "<LI><A HREF='" . $_SERVER['PHP_SELF'] . "?letter=" . $chars[$cnt] .
> "'>";
> But some people just have a problem with doing it that way, so you can use
> braces.
> print "<LI><A HREF='{$_SERVER['PHP_SELF']}?letter={$chars[$cnt]}'>";
