ironheartbj18
Posted April 30, 2014

I am reading w3schools.com and I do not fully understand it (look at the green text color). I am trying to play around with it in my Notepad++. It said:

$_SERVER["PHP_SELF"] exploits can be avoided by using the htmlspecialchars() function. The form code should look like this:

<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">

The htmlspecialchars() function converts special characters to HTML entities. Now if the user tries to exploit the PHP_SELF variable, it will result in the following output:

Can I edit it like this? Since it's an error.

<html>
<body>
<form method = "POST" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>new8.php">
<b>UserName: </b><input type="text" name="username"><br>
<b>password: </b> <input type="password" name="password"><br>
<input type="submit">
</form>
</body>
</html>

Please let me know, thanks.

justsomeguy
Posted April 30, 2014

Run that code, then view the HTML it produces and see what your change did.

davej
Posted April 30, 2014

It's all discussed here... http://www.w3schools.com/php/php_form_validation.asp

justsomeguy
Posted April 30, 2014

For what it's worth, it is not necessary to use PHP to write the URL to the same page in the form action. If you just leave the action attribute out, it defaults to the current page.
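
An added example, not written by any poster in this thread: it prints the form tag each approach discussed above produces, so the escaped, unescaped and "new8.php appended" variants can be compared as HTML source. The function names and the value of $constructedSelf are assumptions made for the illustration; $constructedSelf stands in for $_SERVER["PHP_SELF"] when extra path text containing markup follows the script name.

```php
<?php
// Added example: build the <form> opening tag several ways and compare the HTML.

function formTagRaw(string $self): string
{
    // Unescaped: a double quote inside $self ends the action attribute early,
    // and whatever follows it is parsed by the browser as markup.
    return '<form method="post" action="' . $self . '">';
}

function formTagEscaped(string $self): string
{
    // htmlspecialchars() turns & " ' < > into entities, so the whole value
    // stays inside the attribute. ENT_QUOTES also covers single quotes.
    return '<form method="post" action="'
        . htmlspecialchars($self, ENT_QUOTES, 'UTF-8') . '">';
}

function formTagAppended(string $self): string
{
    // The edit from the first post: the file name typed after the PHP tag.
    return '<form method="post" action="'
        . htmlspecialchars($self, ENT_QUOTES, 'UTF-8') . 'new8.php">';
}

function formTagNoAction(): string
{
    // No action attribute: the browser submits to the current URL.
    return '<form method="post">';
}

$normalSelf      = '/new8.php';                     // ordinary request
$constructedSelf = '/new8.php/"><b>injected</b>';   // constructed sample value

foreach ([$normalSelf, $constructedSelf] as $self) {
    echo 'PHP_SELF: ', $self, PHP_EOL;
    echo 'raw:      ', formTagRaw($self), PHP_EOL;
    echo 'escaped:  ', formTagEscaped($self), PHP_EOL;
    echo 'appended: ', formTagAppended($self), PHP_EOL, PHP_EOL;
}
echo 'no action: ', formTagNoAction(), PHP_EOL;
```

Run it with the PHP command-line interpreter and read the output as page source: in the "appended" lines the script path already printed by PHP_SELF is followed by a second new8.php, and in the "raw" line for the constructed value the attribute closes before the injected tag.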