friends can any body tell me which is good between php_self or phpfilename.php
some persons use in form action "$_SERVER[PHP_SELF]" and some use "updatedata.php" which one is good and why it is good
friends can any body tell me which is good between php_self or phpfilename.php
some persons use in form action "$_SERVER[PHP_SELF]" and some use "updatedata.php" which one is good and why it is good
You shouldn't use PHP_SELF
its not really neaded the problem is if you echo that variable in a link for example you have XSS attack because all parameters are written to the site.
Here are some cool answers. So its better to use the complete name of the file and put the parameters you need filtered behind the filename.