Jump to content

How To Avoid $_SERVER["PHP_SELF"] Exploits?


Recommended Posts

I am reading at w3schools.com I do not understand fully. (look at green TEXT color) I am trying to playground on my notepad++ it said $_SERVER["PHP_SELF"] exploits can be avoided by using the htmlspecialchars() function.The form code should look like this:<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">The htmlspecialchars() function converts special characters to HTML entities. Now if the user tries to exploit the PHP_SELF variable, it will result in the following output: can i editor like this? since its error. <html><body> <form method = "POST" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>new8.php"> <b>UserName: </b><input type="text" name="username"><br><b>password: </b> <input type="password" name="password"><br><input type="submit"></form> </body></html>


please let me know thanks.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...