哪个好php_self或phpfilename.php
问题描述:
friends can any body tell me which is good between php_self or phpfilename.php
some persons use in form action "$_SERVER[PHP_SELF]" and some use "updatedata.php" which one is good and why it is good
朋友们可以告诉我php_self或phpfilename.php之间有什么好处 p>
答
You shouldn't use PHP_SELF its not really neaded the problem is if you echo that variable in a link for example you have XSS attack because all parameters are written to the site.
Here are some cool answers. So its better to use the complete name of the file and put the parameters you need filtered behind the filename.
答
Both are doing same job.But `PHP_SELF` is takes the pathname dynamically
If we use filename.php its should be static
'PHP_SELF'
The filename of the currently executing script, relative to the document root. For instance, $_SERVER['PHP_SELF'] in a script at the address http://example.com/test.php/foo.bar would be /test.php/foo.bar. The __FILE__ constant contains the full path and filename of the current (i.e. included) file. If PHP is running as a command-line processor this variable contains the script name since PHP 4.3.0. Previously it was not available.
PATH_INFO(Filename.php) doesn't seem to be documented...