Which is better: php_self or phpfilename.php

Time: 2014-12-20 11:35:25

Tags: php

Friends, can you tell me which is better between php_self and phpfilename.php?

Some people use "$_SERVER[PHP_SELF]" in the form action and some use "updatedata.php". Which one is better, and why?

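2 answers:

Answer 0 (score: 2)

If you echo that variable in a link you should not use PHP_SELF (for example, you then have an XSS attack, because all parameters are written to the site). Otherwise there is no real problem with it.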

PHP_SELF and XSS

Here are some cool answers. So it is better to use the full name of the file and put the parameters you need after the file name.

Answer 1 (score: 1)

Both are doing the same job. But `PHP_SELF` takes the pathname dynamically.
If we use filename.php, it should be static.

'PHP_SELF'

> The filename of the currently executing script, relative to the document root. For instance, $_SERVER['PHP_SELF'] in a script at the address http://example.com/test.php/foo.bar would be /test.php/foo.bar. The __FILE__ constant contains the full path and filename of the current (i.e. included) file. If PHP is running as a command-line processor this variable contains the script name since PHP 4.3.0. Previously it was not available.

PATH_INFO(Filename.php) doesn't seem to be documented...
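
The difference both answers describe, as an added example (not code from the question or from either answer): a form action built from raw `PHP_SELF`, the same value HTML-encoded, and the hard-coded `updatedata.php`. The `$server` array stands in for `$_SERVER` with a constructed request value, and the function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed request (sample data, not from the page):
//   GET /updatedata.php/"><i>injected</i>
// PHP appends the trailing path info to PHP_SELF (compare /test.php/foo.bar
// in the manual text above), so part of the value comes from the requester.
$server = [
    'PHP_SELF' => '/updatedata.php/"><i>injected</i>',
];

// Before: PHP_SELF echoed raw into the action attribute.
function formRaw(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// Fix 1: keep PHP_SELF but HTML-encode it for the attribute context.
function formEscaped(array $server): string
{
    $action = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// Fix 2: hard-code the handler name, so no request data reaches the markup.
function formStatic(): string
{
    return '<form method="post" action="updatedata.php">';
}

// True when the constructed markup survives unencoded in the output.
function breaksOut(string $html): bool
{
    return strpos($html, '<i>injected</i>') !== false;
}

foreach ([
    'raw PHP_SELF'     => formRaw($server),
    'escaped PHP_SELF' => formEscaped($server),
    'static filename'  => formStatic(),
] as $label => $html) {
    printf("%-17s %s  breaks out: %s\n", $label, $html, breaksOut($html) ? 'yes' : 'no');
}
```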