Jump to content

Is it safe to use $_SERVER['PHP_SELF'] outside a form or link?


Recommended Posts


I'm new to PHP and I was wondering if it's perfectly safe to use $_SERVER['PHP_SELF'] like so:

<body<?php  if(basename($_SERVER['PHP_SELF']) ==  'home.php') echo  ' class="home"'; ?>>

As far as I understand, the $_SERVER['PHP_SELF'] variable can only be exploited when used as a link or in a form/inputs, where the variable should be wrapped into htmlspecialchars() to counter XSS attacks, am I right?


Edited by Junitar
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...