2

Friends, can anybody tell me which is good between PHP_SELF or phpfilename.php?

Some people use "$_SERVER[PHP_SELF]" in the form action and some use "updatedata.php". Which one is good, and why is it good?

santosh

2 Answers

2

You shouldn't use PHP_SELF; it's not really needed. The problem is that if you echo that variable in a link, for example, you have an XSS attack, because all parameters are written to the site.

PHP_SELF and XSS

Here are some cool answers. So it's better to use the complete name of the file and put the parameters you need, filtered, behind the filename.

Community
René Höhle
1
Both are doing the same job. But `PHP_SELF` takes the pathname dynamically.
If we use filename.php, it should be static.

'PHP_SELF'

        The filename of the currently executing script, relative to the document root. For instance, $_SERVER['PHP_SELF'] in a script at the address http://example.com/test.php/foo.bar would be /test.php/foo.bar. The __FILE__ constant contains the full path and filename of the current (i.e. included) file. If PHP is running as a command-line processor this variable contains the script name since PHP 4.3.0. Previously it was not available.

    PATH_INFO(Filename.php) doesn't seem to be documented...
I'm Geeker
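
The two form actions from the question, side by side, as an added example that is not code from either answer. It assumes a script named updatedata.php and a constructed request whose extra path segment contains markup; a `$server` array stands in for `$_SERVER` so the script runs from the command line.

```php
<?php
// Constructed request data: the client asked for /updatedata.php followed by
// an extra path segment. As the manual excerpt above shows, PHP_SELF keeps
// that trailing part, so it is client-controlled input.
$server = [
    'SCRIPT_NAME' => '/updatedata.php',
    'PHP_SELF'    => '/updatedata.php/"><script>alert(1)</script>',
];

// Vulnerable: PHP_SELF echoed raw. The quote ends the action attribute and
// the rest of the path is parsed by the browser as markup.
function formRaw(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// Hardened: same value, escaped for an HTML attribute context.
function formEscaped(array $server): string
{
    $action = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// Hardened: the static file name, which contains no request data at all.
function formStatic(): string
{
    return '<form method="post" action="updatedata.php">';
}

$variants = [
    'raw'     => formRaw($server),
    'escaped' => formEscaped($server),
    'static'  => formStatic(),
];

foreach ($variants as $label => $html) {
    // A literal "<script" in the output means the markup survived intact.
    $injected = strpos($html, '<script') !== false ? 'yes' : 'no';
    printf("%-8s markup injected: %-3s %s\n", $label, $injected, $html);
}
```

Only the raw variant reports injected markup; the escaped variant still carries the extra path segment, but as inert attribute text.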