self redirect

madu
Forum Commoner
Posts: 32
Joined: Sat Dec 25, 2010 3:19 am
Location: india

self redirect

Post by madu »

How to self redirect inside of an echo statement?
I got an error in this statement:
//echo '<form name=for method=post action="<?php echo $_SERVER[PHP_SELF]; ?> " >';
kalpesh.mahida
Forum Commoner
Posts: 36
Joined: Wed Oct 06, 2010 7:09 am

Re: self redirect

Post by kalpesh.mahida »

Code:

echo '<form name=for method=post action='.$_SERVER['PHP_SELF'].'>';
When a string is specified in single quotes, variables within it are not parsed.
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: self redirect

Post by VladSun »

Do not use $_SERVER['PHP_SELF']!
It will introduce XSS vulnerabilities!

Use an empty FORM action parameter:

Code:

<form name="for" method="post" action="">
There are 10 types of people in this world, those who understand binary and those who don't
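
The point raised in the post above, as an added example that is not part of any post in this thread: it renders the form tag three ways and parses each result to see whether the tag kept its intended shape. The function names and sample values are constructed for illustration, and the check assumes PHP's DOM extension is available.

```php
<?php
// Added example, not code from the thread; function names are hypothetical.

// Pattern from the thread: request-derived value, unquoted and unescaped.
function form_unsafe(string $self): string {
    return '<form name=for method=post action=' . $self . '>';
}

// Escaped and quoted. Quoting matters: htmlspecialchars() leaves spaces
// alone, and a space ends an unquoted attribute value.
function form_escaped(string $self): string {
    $action = htmlspecialchars($self, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form name="for" method="post" action="' . $action . '">';
}

// VladSun's suggestion: no request data reaches the markup at all.
function form_empty_action(): string {
    return '<form name="for" method="post" action="">';
}

// Parse the tag and report whether it kept its intended shape: exactly
// name/method/action, the expected action value, and no child elements.
function tag_is_intact(string $html, string $expectedAction): bool {
    libxml_use_internal_errors(true);          // malformed input is expected
    $doc = new DOMDocument();
    $doc->loadHTML($html . '</form>');
    $form = $doc->getElementsByTagName('form')->item(0);
    return $form !== null
        && $form->attributes->length === 3
        && $form->getAttribute('action') === $expectedAction
        && $form->getElementsByTagName('*')->length === 0;
}

// Constructed stand-ins for $_SERVER['PHP_SELF'], which includes any
// extra path text the client appends after the script name.
$samples = [
    '/form.php',
    '/form.php/"><i>injected</i>',
    '/form.php/x data-injected=1',
];

foreach ($samples as $self) {
    printf("%-32s unsafe=%s escaped=%s empty=%s\n",
        $self,
        tag_is_intact(form_unsafe($self), $self) ? 'intact' : 'BROKEN',
        tag_is_intact(form_escaped($self), $self) ? 'intact' : 'BROKEN',
        tag_is_intact(form_empty_action(), '') ? 'intact' : 'BROKEN');
}
```
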
kalpesh.mahida
Forum Commoner
Posts: 36
Joined: Wed Oct 06, 2010 7:09 am

Re: self redirect

Post by kalpesh.mahida »

VladSun,
Thanks for drawing attention to the XSS vulnerabilities associated with $_SERVER['PHP_SELF'].