Hi gang:
Okay, so,what's the "best" (i.e., most secure) way for your script to
identify itself *IF* you plan on using that information later, such
as the value in an action attribute in a form?
For example, I was using:
$self = basename($_SERVER['SCRIPT_NAME']);
<form name="my_form" action="<?php echo($self); ?>" method="post" >
However, that was susceptible to XSS.
http://www.mc2design.com/blog/php_self-safe-alternatives
says a simple action="#" would work.
But is there a better way?
What would do you do solve this?
Cheers,
tedd
--
-------
http://sperling.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
