On 11/30/07 12:46 PM, "John Campbell" <[EMAIL PROTECTED]> wrote:

> An empty URI, is a valid URI that just means the current URI.
> see: http://www.ietf.org/rfc/rfc2396.txt section 4.2

Really?! Perfect. That's the answer I was hoping for. This section states it clearly.

> it doesn't make sense if method="get"

True, but I have found that get input variables will override anything that happens to be in the url query. I find few instances where a get form makes much sense anyway, other than filtering/searching.

>> (Which leads to the question, is PHP_SELF safe to use, or should you escape
>> it?)
>
> Of course you have to escape it.

Which begs the question: htmlspecialchars or htmlentities. I err on the side of caution, using a single escaping function, to be consistent, that calls htmlentities with the appropriate character set and ENT_QUOTES.

_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
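
The escaping choice discussed in the message above, as an added example that is not part of the original post or the list's own code. The helper name `esc()` and the sample path are constructed for illustration; it contrasts `ENT_COMPAT` with `ENT_QUOTES` when a `PHP_SELF`-style value is written into a form `action` attribute, next to the empty-action form.

```php
<?php
// Added illustration. esc() and the sample path are constructed for this example.

/** Single escaping helper: htmlentities with ENT_QUOTES and an explicit charset. */
function esc(string $value, string $charset = 'UTF-8'): string
{
    return htmlentities($value, ENT_QUOTES, $charset);
}

// Constructed stand-in for $_SERVER['PHP_SELF']. Anything after the script
// name in the request path is client-supplied and ends up in this value.
$phpSelf = "/form.php/x' data-injected='1";

// ENT_COMPAT escapes double quotes only, so a single-quoted attribute is
// still closed early by the apostrophe in the path.
$compat = htmlentities($phpSelf, ENT_COMPAT, 'UTF-8');
echo "<form method='post' action='" . $compat . "'>\n";

// ENT_QUOTES escapes both quote styles, so the value stays inside the
// attribute whichever quoting the template uses.
echo "<form method='post' action='" . esc($phpSelf) . "'>\n";
echo '<form method="post" action="' . esc($phpSelf) . '">' . "\n";

// Empty action: a same-document reference (RFC 2396 section 4.2), so no
// request-derived value is written into the markup at all.
echo '<form method="post" action="">' . "\n";
```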