No. If you make an actionless form, you don't use $_SERVER["PHP_SELF"], so it's safe.
Preventing data injection with htmlspecialchars() function
14-06-2023
Question
Many documents recommend using htmlspecialchars() to get rid of data injection during form submission. form-validation.
With HTML5 (I guess), not using the action attribute of a form has a similar effect to using $_SERVER["PHP_SELF"]. Do actionless forms create the same security leak as well?
Solution
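The three form variants discussed in this thread, side by side, as an added example that is not part of the original question or answer. The `$constructedSelf` value and the function names are assumptions made for illustration, and `str_contains()` requires PHP 8.

```php
<?php
declare(strict_types=1);

// Constructed sample: what $_SERVER["PHP_SELF"] can contain when extra path
// text carrying markup follows the script name in the request URL.
$constructedSelf = '/form.php/"><b>constructed-markup</b>';

// Pattern the question refers to: PHP_SELF echoed into the attribute unescaped.
function formUnescaped(string $self): string
{
    return '<form method="post" action="' . $self . '">';
}

// Same pattern with htmlspecialchars(): quotes and angle brackets become entities.
function formEscaped(string $self): string
{
    return '<form method="post" action="'
        . htmlspecialchars($self, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">';
}

// Actionless form: no request-derived value is written into the page; the
// browser submits to the current document URL on its own.
function formActionless(): string
{
    return '<form method="post">';
}

// True when the attribute value was closed early and a new tag started.
function breaksOutOfAttribute(string $html): bool
{
    return str_contains($html, '"><b>');
}

foreach ([
    'unescaped PHP_SELF' => formUnescaped($constructedSelf),
    'escaped PHP_SELF'   => formEscaped($constructedSelf),
    'actionless'         => formActionless(),
] as $label => $html) {
    printf("%-20s %-9s %s\n", $label,
        breaksOutOfAttribute($html) ? 'INJECTED' : 'ok', $html);
}
```

Only the unescaped variant is flagged. Any other request value echoed into the page still needs htmlspecialchars(), whether or not the form has an action attribute.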
Licensed under: CC-BY-SA with attribution