04-17-2009, 08:55 PM
#15
The Gregarious
Join Date: Feb 2009
Location: New York
Posts: 645
Thanks: 64
Quote:
Originally Posted by Kalle
Just a little security tip: remember to escape HTML characters when using $_SERVER['PHP_SELF'], as it's not filtered and may contain input that can cause XSS.
Hmmm, I know how to escape user input with the mysql_real_escape function. How do you escape $_SERVER['PHP_SELF']?
Is it with the mysql function too, or is there a PHP function?
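
Added example, not part of the original thread or written by either poster: HTML-escaping `$_SERVER['PHP_SELF']` with PHP's built-in `htmlspecialchars()` before it goes into a form's `action` attribute, shown beside the unescaped form. The helper names `h()` and `render_form()` and the sample request paths are constructed for illustration.

```php
<?php
// Added example. Helper names and sample values are hypothetical/constructed.

/**
 * Escape a value for output inside HTML text or a quoted attribute.
 * ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
 */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build a form that posts back to the current script. */
function render_form(string $phpSelf, bool $escape): string
{
    $action = $escape ? h($phpSelf) : $phpSelf;
    return '<form method="post" action="' . $action . '">'
         . '<input type="submit" value="Send"></form>';
}

// PHP_SELF includes any extra path the client appends after the script name,
// so part of it is client-controlled. Constructed sample values:
$samples = [
    '/contact.php',
    '/contact.php/"><b>injected</b>',
];

foreach ($samples as $phpSelf) {
    echo "PHP_SELF:  {$phpSelf}\n";
    // Unescaped: the quote in the second sample closes action="..." and the
    // rest is parsed by the browser as new markup.
    echo "unescaped: " . render_form($phpSelf, false) . "\n";
    // Escaped: " < > become &quot; &lt; &gt; and stay inside the attribute.
    echo "escaped:   " . render_form($phpSelf, true) . "\n\n";
}

// SQL escaping functions protect SQL string literals, a different context:
// they do not encode < or >, so they are not a substitute for
// htmlspecialchars() when the value is written into HTML.
```

In a real page the call is `h($_SERVER['PHP_SELF'])`. `$_SERVER['SCRIPT_NAME']` omits the trailing path info, but it should still be passed through the same escaping on output.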