Is is neccessary to use the following?
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>
Why not <form method="post" action=""> ?
Can someone hack action=""
?
Is is neccessary to use the following?
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>
Why not <form method="post" action=""> ?
Can someone hack action=""
?
The action attribute isn't required in this case, only if you were to keep the method's script within another file for example.
I'm not sure what you mean by "Can someone hack action=""" but this has nothing to do with things being hacked, as long as you validate the user input of the post and such you should be fine.