PHP Short Notes - Part 2

PHP_SELF

$_SERVER is a super-global array, and $_SERVER["PHP_SELF"] returns the file name of the currently executing script.

Why $_SERVER["PHP_SELF"] is used:

When a form's action is $_SERVER["PHP_SELF"], the form is submitted to the same script that displays it, so error messages can be shown on the same page as the form instead of on a separate page.

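How to protect $_SERVER["PHP_SELF"] from hackers?

Wrap it in htmlspecialchars: htmlspecialchars($_SERVER["PHP_SELF"])

htmlspecialchars converts special characters such as <, >, & and " into HTML entities, so any markup that ends up in the file name part of the URL is output as plain text instead of being interpreted by the browser. This protects the form from exploits.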

<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
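The effect of htmlspecialchars on the form action, as an added example that is not part of the original notes. The PHP_SELF values, the path /notes/form.php and the helper names raw_action and escaped_action are constructed for illustration.

```php
<?php
// Constructed sample values for $_SERVER["PHP_SELF"].
// PHP appends any extra path text that follows the script name in the URL,
// so the value is not guaranteed to be just the file name.
$samples = [
    '/notes/form.php',
    '/notes/form.php/"><b>injected</b>',
];

// Hypothetical helper: echoes the value as-is (the unsafe pattern).
function raw_action(string $self): string
{
    return '<form method="post" action="' . $self . '">';
}

// Hypothetical helper: the pattern from the notes, with quotes encoded too.
function escaped_action(string $self): string
{
    $safe = htmlspecialchars($self, ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $safe . '">';
}

foreach ($samples as $self) {
    $raw = raw_action($self);
    $escaped = escaped_action($self);

    echo "PHP_SELF: $self\n";
    echo "raw     : $raw\n";
    echo "escaped : $escaped\n";

    // In the raw output the extra text closes the action attribute and
    // becomes live markup; in the escaped output it stays inside the attribute.
    echo "raw output contains a <b> tag     : ",
        (strpos($raw, '<b>') !== false ? 'yes' : 'no'), "\n";
    echo "escaped output contains a <b> tag : ",
        (strpos($escaped, '<b>') !== false ? 'yes' : 'no'), "\n\n";
}

// $_SERVER["SCRIPT_NAME"] holds the script path without the trailing path
// text, so it is an alternative source for the action value.
```

Run it from the command line with `php` to compare the two outputs for each sample value.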