
PHP_SELF

This page requires more content. It was started when I was working on Booking forms.

Used in my PHP validation

The booking form seems to work with the action="<?php echo $_SERVER['PHP_SELF']; ?>" NOT included in the code.

What form-guide says:

A common use of the PHP_SELF variable is in the action field of the <form> tag. The action field of the FORM instructs where to submit the form data when the user presses the "submit" button. It is common to have the same PHP page as the handler for the form as well.

Exploits

The injection of "rogue" JavaScript

http://tempusfugit.me.uk/BWVH/movie_book3.php/%22%3E%3Cscript%3Ealert('xss')%3C/script%3E%3Cfoo%22

Supposedly, if you paste the URL above it will inject an alert box - or any other JavaScript!!! - it doesn't seem to work - even when the PHP_SELF action is added.
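
The example below is added here and is not code from this site's booking form. It shows how the extra path text in a URL like the one above reaches $_SERVER['PHP_SELF'], and compares an unescaped form action with three safe alternatives. The function names and the file name php_self_demo.php are hypothetical, and the $_SERVER values are constructed so it runs from the command line.

```php
<?php
// Added example, not the page's own code. Run with: php php_self_demo.php
// PHP appends any extra path text after the script name, URL-decoded, to
// $_SERVER['PHP_SELF']. Both values below are constructed from the URL above
// so the script runs from the command line without a web server.
$_SERVER['PHP_SELF'] = rawurldecode(
    "/BWVH/movie_book3.php/%22%3E%3Cscript%3Ealert('xss')%3C/script%3E%3Cfoo%22"
);
$_SERVER['SCRIPT_NAME'] = '/BWVH/movie_book3.php'; // assumed: script path only

// Unsafe: the raw value goes into the attribute. The decoded "> closes the
// action attribute and the <form> tag, so the <script> element becomes markup.
function form_unsafe(): string
{
    return '<form method="post" action="' . $_SERVER['PHP_SELF'] . '">';
}

// Safe: encode for an HTML attribute. Quotes and angle brackets become
// entities, so the whole value stays inside action="...".
function form_escaped(): string
{
    $action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// Safe: SCRIPT_NAME carries no trailing path text; escaped anyway as a habit.
function form_script_name(): string
{
    $action = htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// Safe: no action attribute. The browser submits to the page's own URL and
// no request-derived text is written into the HTML.
function form_no_action(): string
{
    return '<form method="post">';
}

$variants = [
    'unsafe'      => form_unsafe(),
    'escaped'     => form_escaped(),
    'script_name' => form_script_name(),
    'no_action'   => form_no_action(),
];
foreach ($variants as $name => $html) {
    // A raw "<script" in the output means the browser would parse it as a tag.
    $verdict = stripos($html, '<script') !== false ? 'INJECTED' : 'ok';
    printf("%-12s %-8s %s\n", $name, $verdict, $html);
}
```

Only the first variant is reported as INJECTED. The no_action variant is the case noted earlier on this page, where the form works without the PHP_SELF action.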



Site design by Tempusfugit Web Design -