On Tue, 2009-01-13 at 13:29 -0500, Eric Butera wrote: > On Tue, Jan 13, 2009 at 1:14 PM, Jason Pruim <japruim@xxxxxxxxxx> wrote: > > > > On Jan 13, 2009, at 9:46 AM, Ashley Sheridan wrote: > > > >> On Tue, 2009-01-13 at 09:33 -0500, tedd wrote: > >>> > >>> At 2:33 PM +0000 1/13/09, Ashley Sheridan wrote: > >>>> > >>>> On Tue, 2009-01-13 at 09:20 -0500, tedd wrote: > >>>>> > >>>>> Jason: > >>>>> > >>>>> In addition to what everyone else has said, try this: > >>>>> > >>>>> $self = basename($_SERVER['SCRIPT_NAME']) > >>>>> > >>>>> I use it for forms -- you might find it useful. > >>>>> > >>>>> Cheers, > >>>>> > >>>>> tedd > >>>>> -- > >>>>> ------- > >>>>> http://sperling.com http://ancientstones.com http://earthstones.com > >>>>> > >>>> No need to use it on forms, as leaving the action attribute empty means > >>>> the form sends to itself anyway. > >>>> > >>>> Ash > >>> > >>> > >>> Ash: > >>> > >>> That's what I've said for years, but (I think it was on this list, > >>> but too lazy to look) there was a concern that some browsers may not > >>> follow that default behavior. > >>> > >>> However, using what I provided will work regardless. > >>> > >>> Cheers, > >>> > >>> tedd > >>> > >>> -- > >>> ------- > >>> http://sperling.com http://ancientstones.com http://earthstones.com > >>> > >> I've not yet seen a browser that doesn't do this, and it's pretty old > >> HTML really, so I don't see a reason why any new browsers wouldn't > >> incorporate it. > > > > I prefer to be specific in my programming :) > > > > What I typically do with self submitting forms is: > > <?PHP > > $self = $_SERVER['PHP_SELF']; > > > > > > echo <<<HTML > > <form method="post" action="{$self}"> > > ... > > > > </form> > > HTML; > > ?> > > > > But to each his (Or her) own right? > > > > > > -- > > Jason Pruim > > japruim@xxxxxxxxxx > > 616.399.2355 > > > > > > > > > > You know that's asking for xss, right? How would you go about XSS on this? As I see it, you'd need register_globals on for that to work. Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php