Search the Community
Showing results for tags 'php_self'.
The search index is currently processing. Current results may not be complete.
Hi, I'm new to PHP and I was wondering if it's perfectly safe to use $_SERVER['PHP_SELF'] like so: <body<?php if(basename($_SERVER['PHP_SELF']) == 'home.php') echo ' class="home"'; ?>> … </body> As far as I understand, the $_SERVER['PHP_SELF'] variable can only be exploited when used as a link or in a form/inputs, where the variable should be wrapped into htmlspecialchars() to counter XSS attacks, am I right?