Dan Cech wrote: > > > As I outlined earlier in this thread, this will _not_ work if php is > running as a cgi, you'll get 'php4-cgi' instead of 'myfilename.php' > unless you have cgi.fix_pathinfo set to 1 (default is 0). > > Your previous comment regarding the fact that __FILE__ will give the > name of the file it is placed in rather than the requested file is > perfectly valid and worth keeping in mind. > > I'm starting to wonder whether the construct > > <form action="?" method="post"> > > might be a simple secure way of getting around the requirement of having > something in the action field. That doesn't help with the problem of > correctly and securely generating the root-relative URL of a script > however. > > Dan > >
sorry for not remembering that earlier post of yours. i never had problems with forms without any "action" field at all, although someone stated that it was "undefined" - at least it is better than $PHP_SELF ;) -- View this message in context: http://www.nabble.com/Holiday-Greetings-to-Everyone...-tf2882582.html#a8114735 Sent from the NYPHP-Talk mailing list archive at Nabble.com. _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
