04-17-2009, 10:59 PM
#19
The Gregarious
Join Date: Feb 2009
Location: New York
Posts: 645
Thanks: 64
Quote:
Originally Posted by Kalle
yes escape $_SERVER['PHP_SELF'] like: $_SERVER['PHP_SELF'] = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
=)

ahhh! thanks!
Quick question, how would I use this in a class?
In the HTML, I would do it the way you just wrote it:
$_SERVER['PHP_SELF'] = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
But when including a class, do I have to do the same thing in the class?
$_SERVER['PHP_SELF'] = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
Reason why I ask this is that in my class I am using $_SERVER['PHP_SELF'] so I want to make sure that is escaped too...
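
The class case asked about above, as an added example that is not part of the original thread: `$_SERVER` is a superglobal, so a class method reads the same array the page modified, and escaping in both the page and the class encodes the value twice. The class name `FormView` and the request path are hypothetical, constructed for illustration.

```php
<?php
// Added example, not code from the thread. FormView and the sample
// request path below are hypothetical and constructed for illustration.

class FormView
{
    // Escape at the point of output, so the class is safe regardless of
    // what the including page did (or did not do) beforehand.
    public function action(): string
    {
        return htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    }

    public function render(): string
    {
        return '<form method="post" action="' . $this->action() . '">';
    }
}

// Constructed request: extra path info carrying markup ends up in PHP_SELF.
$_SERVER['PHP_SELF'] = '/form.php/"><b>injected</b>';

$view = new FormView();

// Escaped once, inside the class: the quote and angle brackets are
// emitted as entities and cannot close the action attribute.
echo $view->render(), PHP_EOL;

// $_SERVER is a superglobal: overwriting it in the page, as in the quoted
// line, changes what every class method sees from this point on.
$_SERVER['PHP_SELF'] = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

// The class escapes again, so the value is now encoded twice: the "&" of
// each entity written by the first pass is itself turned into "&amp;".
echo $view->render(), PHP_EOL;
```

Escape in one place only, preferably where the value is written into HTML, so that included classes do not depend on the page having overwritten the superglobal first.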