But we could use rawurlencode($_SERVER['PHP_SELF']), no?
João
Michael A. Peters wrote:
Nisse Engström wrote:
On Wed, 18 Feb 2009 10:37:53 -0800, "Michael A. Peters" wrote:
http://www.gfx-depot.com/forum/-php-server-php-self-validation-t-1636.html
explains a technique to validate the input as well (don't trust that
is clean)
Amazing! Not once did they mention htmlspecialchars().
/Nisse
htmlspecialchars causes problems if you are going to use the data with
DOMDocument.
I believe the point was to produce a proper _SERVER['PHP_SELF'] - not a
sanitized but still borked version.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php