On Jan 13, 2009, at 1:29 PM, Eric Butera wrote:
On Tue, Jan 13, 2009 at 1:14 PM, Jason Pruim <japruim@xxxxxxxxxx>
wrote:
On Jan 13, 2009, at 9:46 AM, Ashley Sheridan wrote:
On Tue, 2009-01-13 at 09:33 -0500, tedd wrote:
At 2:33 PM +0000 1/13/09, Ashley Sheridan wrote:
On Tue, 2009-01-13 at 09:20 -0500, tedd wrote:
Jason:
In addition to what everyone else has said, try this:
$self = basename($_SERVER['SCRIPT_NAME'])
I use it for forms -- you might find it useful.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://
earthstones.com
No need to use it on forms, as leaving the action attribute
empty means
the form sends to itself anyway.
Ash
Ash:
That's what I've said for years, but (I think it was on this list,
but too lazy to look) there was a concern that some browsers may
not
follow that default behavior.
However, using what I provided will work regardless.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://
earthstones.com
I've not yet seen a browser that doesn't do this, and it's pretty
old
HTML really, so I don't see a reason why any new browsers wouldn't
incorporate it.
I prefer to be specific in my programming :)
What I typically do with self submitting forms is:
<?PHP
$self = $_SERVER['PHP_SELF'];
echo <<<HTML
<form method="post" action="{$self}">
...
</form>
HTML;
?>
But to each his (Or her) own right?
--
Jason Pruim
japruim@xxxxxxxxxx
616.399.2355
You know that's asking for xss, right?
Not until just now.... But I'll be looking into that and changing it
to something more secure very shortly.
--
Jason Pruim
japruim@xxxxxxxxxx
616.399.2355
