On Tue, Jan 13, 2009 at 1:14 PM, Jason Pruim <japruim@xxxxxxxxxx> wrote: > > On Jan 13, 2009, at 9:46 AM, Ashley Sheridan wrote: > >> On Tue, 2009-01-13 at 09:33 -0500, tedd wrote: >>> >>> At 2:33 PM +0000 1/13/09, Ashley Sheridan wrote: >>>> >>>> On Tue, 2009-01-13 at 09:20 -0500, tedd wrote: >>>>> >>>>> Jason: >>>>> >>>>> In addition to what everyone else has said, try this: >>>>> >>>>> $self = basename($_SERVER['SCRIPT_NAME']) >>>>> >>>>> I use it for forms -- you might find it useful. >>>>> >>>>> Cheers, >>>>> >>>>> tedd >>>>> -- >>>>> ------- >>>>> http://sperling.com http://ancientstones.com http://earthstones.com >>>>> >>>> No need to use it on forms, as leaving the action attribute empty means >>>> the form sends to itself anyway. >>>> >>>> Ash >>> >>> >>> Ash: >>> >>> That's what I've said for years, but (I think it was on this list, >>> but too lazy to look) there was a concern that some browsers may not >>> follow that default behavior. >>> >>> However, using what I provided will work regardless. >>> >>> Cheers, >>> >>> tedd >>> >>> -- >>> ------- >>> http://sperling.com http://ancientstones.com http://earthstones.com >>> >> I've not yet seen a browser that doesn't do this, and it's pretty old >> HTML really, so I don't see a reason why any new browsers wouldn't >> incorporate it. > > I prefer to be specific in my programming :) > > What I typically do with self submitting forms is: > <?PHP > $self = $_SERVER['PHP_SELF']; > > > echo <<<HTML > <form method="post" action="{$self}"> > ... > > </form> > HTML; > ?> > > But to each his (Or her) own right? > > > -- > Jason Pruim > japruim@xxxxxxxxxx > 616.399.2355 > > > > You know that's asking for xss, right? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
