Page 1 of 1
self redirect
Posted: Wed Jan 12, 2011 3:15 am
by madu
how to self redirect inside of echo statement
i got error in this statement
//echo '<form name=for method=post action="<?php echo $_SERVER[PHP_SELF]; ?> " >';
Re: self redirect
Posted: Wed Jan 12, 2011 3:28 am
by kalpesh.mahida
Code: Select all
echo '<form name=for method=post action='.$_SERVER['PHP_SELF'].'>';
When a string is specified in single quotes, variables within it are not being parsed.
Re: self redirect
Posted: Wed Jan 12, 2011 5:22 am
by VladSun
Do not use $_SERVER['PHP_SELF'] !
It will introduce XSS vulnerabilities!
Use an empty FORM action parameter:
Code: Select all
<form name="for" method="post" action="">
Re: self redirect
Posted: Wed Jan 12, 2011 6:36 am
by kalpesh.mahida
VladSun,
thanks for drawing attention to XSS vulnerabilities associated with $_SERVER['PHP_SELF']