Micky Hulse wrote:
As noted, that's a javascript question. However your PHP code is vulnerable to XSS attacks; you should at least encode the output with htmlspecialchars() so that URLs like "foo.php/<script>alert('hi');</script>" are safe.<?=$_SERVER['PHP_SELF']?> Can I replace the above with some sort of XMLHTTP request?
eg. <?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?> Arpad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php