ironheartbj18

How To Avoid $_SERVER["PHP_SELF"] Exploits?


I am reading at w3schools.com and I do not understand it fully (look at the green text color). I am trying to play around with it in my Notepad++. It said:

$_SERVER["PHP_SELF"] exploits can be avoided by using the htmlspecialchars() function. The form code should look like this:

<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">

The htmlspecialchars() function converts special characters to HTML entities. Now if the user tries to exploit the PHP_SELF variable, it will result in the following output:

Can I edit it like this? Since it's an error.

<html>
<body>
<form method = "POST" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>new8.php">
<b>UserName: </b><input type="text" name="username"><br>
<b>password: </b> <input type="password" name="password"><br>
<input type="submit">
</form>
</body>
</html>

Please let me know, thanks.


For what it's worth, it is not necessary to use PHP to write the URL to the same page in the form action. If you just leave the action attribute out, it defaults to the current page.

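An added example (not part of either post above, and not w3schools' code) that prints the opening form tag four ways: with PHP_SELF written raw, escaped with htmlspecialchars(), with new8.php appended after it as in the question, and with the action attribute left out as suggested in the reply. The helper form_tag() and the sample PHP_SELF values are constructed for illustration.

```php
<?php
// Added example: constructed values, not code from the thread or from w3schools.

// Build the opening <form> tag for a given action value.
function form_tag(?string $action, bool $escape): string
{
    if ($action === null) {
        // No action attribute: the browser submits to the current URL.
        return '<form method="post">';
    }
    if ($escape) {
        // ENT_QUOTES also encodes single quotes, so the value is safe
        // whichever quote character delimits the attribute.
        $action = htmlspecialchars($action, ENT_QUOTES, 'UTF-8');
    }
    return '<form method="post" action="' . $action . '">';
}

// Constructed PHP_SELF values. The second simulates a request whose URL has
// extra path text after the script name, which PHP copies into PHP_SELF.
$samples = [
    'normal request'  => '/new8.php',
    'extra path text' => '/new8.php/"><b>injected</b>',
];

foreach ($samples as $label => $phpSelf) {
    echo "== $label ==\n";
    // Raw: a quote in the value ends the attribute and the rest becomes markup.
    echo 'raw:       ', form_tag($phpSelf, false), "\n";
    // Escaped: the same characters stay inside the attribute as entities.
    echo 'escaped:   ', form_tag($phpSelf, true), "\n";
    // The form from the question: a file name appended after PHP_SELF,
    // which already ends in the script name.
    echo 'appended:  ', form_tag($phpSelf . 'new8.php', true), "\n";
    // The reply's suggestion: no action attribute at all.
    echo 'no action: ', form_tag(null, true), "\n\n";
}
```

Run it with the PHP command-line interpreter so the tags are printed as text instead of being rendered by a browser.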
