https://stackoverflow.com/questions/22412434
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianNo. If you make actionless form, you don't use $_SERVER["PHP_SELF"], so its safe.
Preventing data injection with htmlspecialchars() function
-
14-06-2023 - |
Question
Many documents recommend to use htmlspecialchars() to get rid of data injection during form submitting. form-validation.
With html5 (i guess) not using action attribute of form, makes the similar effect with using $_SERVER["PHP_SELF"]. Does actionless forms create the same security leak as well?
La solution
Licencié sous: CC-BY-SA avec attribution
Non affilié à StackOverflow
