Re: Full versus relative URLs

I know it's been said before, but beware of relying on this value just
for the sole purpose of deciding where things are located, as without a
bit of error checking on it, it can be used for injection attacks and
what-not, although, sadly, I forget the exact post recently that had the
link that explained this issue on PHP_SELF.


Alternatively, $_SERVER['PHP_SELF'] could be switch()ed for known
values, and $path be set accordingly with hardcoded values.

Didn't notice this thread passing from the list. I will look into it.

But sometimes you need to detect where something is located, and that's the point of the whole conversation. If you hardcode the values then you need to change them while renaming or moving files and directories.

So what should someone do to accomplish such behavior? Without being vulnerable to injection attacks, of course.

--
Thodoris
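
One way to detect the location without trusting PHP_SELF, as an added example that is not part of the original post: take the directory from SCRIPT_NAME (which does not carry the client-supplied PATH_INFO suffix that PHP_SELF does), check it against an allowlist pattern, and escape it on output. The function name, the allowed character set and the sample request values are assumptions made for illustration.

```php
<?php
// Added example; names and sample values are constructed, not from the thread.

/**
 * Return the directory part (with trailing slash) of a script URL path,
 * or null when the value is not a plain path made of expected characters.
 */
function base_path_from(string $scriptPath): ?string
{
    // Allowlist: one or more "/segment" parts of letters, digits, ".", "_", "-".
    if (!preg_match('#\A(?:/[A-Za-z0-9._-]+)+\z#', $scriptPath)) {
        return null;
    }
    // Refuse "." and ".." segments so the result cannot climb directories.
    if (preg_match('#/\.{1,2}(?:/|\z)#', $scriptPath)) {
        return null;
    }
    return substr($scriptPath, 0, strrpos($scriptPath, '/') + 1);
}

// Constructed request: the client appended extra path info to the URL.
$server = [
    'SCRIPT_NAME' => '/app/admin/index.php',
    'PHP_SELF'    => '/app/admin/index.php/"><script>alert(1)</script>',
];

// SCRIPT_NAME omits the appended suffix, so it passes validation.
$path = base_path_from($server['SCRIPT_NAME']);
// The polluted PHP_SELF value is rejected instead of being echoed.
$bad = base_path_from($server['PHP_SELF']);

// Fall back to a fixed value on failure, and escape whatever is printed.
$path = $path ?? '/';
printf(
    "<a href=\"%s\">list</a>\n",
    htmlspecialchars($path . 'list.php', ENT_QUOTES, 'UTF-8')
);
var_dump($bad);
```

Because the path is derived at run time, renaming or moving files needs no change to the code; only the allowed character set has to match the names actually in use.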

