[nycphp-talk] $_SERVER['PHP_SELF'} not working?
Daniel Convissor
danielc at analysisandsolutions.com
Wed Jul 20 19:02:34 EDT 2005
Hey Michael:
On Wed, Jul 20, 2005 at 10:14:17AM -0400, Michael Southwell wrote:
>
> header(
> "Location:$_SERVER[PHP_SELF]?action=internet&reqflag=1&join=$joinFlag");
Putting aside the issues other people mentioned, not quoting key names is
damn ugly and causes notices. You can do any of the following.
"Location: {$_SERVER['PHP_SELF']}?action..."
"Location: ${_SERVER['PHP_SELF']}?action...<br>"
'Location: ' . $_SERVER['PHP_SELF'] . '?action...'
More importantly, PHP_SELF can be tainted by users. Don't assume it's
safe.
--Dan
--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409
More information about the talk
mailing list