Re: Ajax and PHP: XMLHTTP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Micky Hulse wrote:

<?=$_SERVER['PHP_SELF']?>

Can I replace the above with some sort of XMLHTTP request?
As noted, that's a javascript question. However your PHP code is vulnerable to XSS attacks; you should at least encode the output with htmlspecialchars() so that URLs like "foo.php/<script>alert('hi');</script>" are safe. 
eg. <?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>

Arpad

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux