Page 1 of 1

self redirect

Posted: Wed Jan 12, 2011 3:15 am
by madu
how to self redirect inside of echo statement
i got error in this statement
//echo '<form name=for method=post action="<?php echo $_SERVER[PHP_SELF]; ?> " >';

Re: self redirect

Posted: Wed Jan 12, 2011 3:28 am
by kalpesh.mahida

Code: Select all

echo '<form name=for method=post action='.$_SERVER['PHP_SELF'].'>';
When a string is specified in single quotes, variables within it are not being parsed.

Re: self redirect

Posted: Wed Jan 12, 2011 5:22 am
by VladSun
Do not use $_SERVER['PHP_SELF'] !
It will introduce XSS vulnerabilities!

Use an empty FORM action parameter:

Code: Select all

<form name="for" method="post" action="">

Re: self redirect

Posted: Wed Jan 12, 2011 6:36 am
by kalpesh.mahida
VladSun,
thanks for drawing attention to XSS vulnerabilities associated with $_SERVER['PHP_SELF']