Removing $_SERVER['PHP_SELF']

I’ve read that using $_SERVER['PHP_SELF'] is hackable. I am in the process of using some old code on a new website and I have:

<a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=log_out">Click here to log out.</a>

What is the proper syntax to change the php to html and still use the log_out action?

Thanks

I’ve got it working now with -

<a href="index.html?action=log_out">logout</a>

Here’s a nice way to sanitize it ->
[php]/* Get the current page */
$phpSelf = filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_URL);
$path_parts = pathinfo($phpSelf);
$basename = $path_parts['basename']; // Use this variable for action='' in a form for example:
$pageName = ucfirst($path_parts['filename']);[/php]

Oh my.

OP, just leave the php part out.

<a href="/?action=log_out">Click here to log out.</a>
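
For cases where the link does have to be generated in PHP, here is an added example (not code from any post in this thread) that puts the legacy pattern from the question beside a hardened version. The function names and the sample `$_SERVER` values are constructed for illustration; the hardened version assumes `SCRIPT_NAME` is set by the web server and escapes the final URL for the HTML attribute.

```php
<?php
declare(strict_types=1);

// Added example. PHP_SELF contains any extra path info the client appends
// after the script name, so it is request-controlled text; SCRIPT_NAME is
// only the path of the script that is actually running.

/** Escape a value for use inside a quoted HTML attribute. */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Legacy pattern from the question: raw PHP_SELF written into the href. */
function logout_link_legacy(array $server): string
{
    return '<a href="' . $server['PHP_SELF'] . '?action=log_out">Click here to log out.</a>';
}

/** Hardened: path from SCRIPT_NAME, query string built, whole URL escaped. */
function logout_link(array $server): string
{
    $script = $server['SCRIPT_NAME'] ?? '/';
    $href = $script . '?' . http_build_query(['action' => 'log_out']);
    return '<a href="' . attr($href) . '">Click here to log out.</a>';
}

// Constructed stand-in for $_SERVER on a request with trailing path info.
$sample = [
    'SCRIPT_NAME' => '/index.php',
    'PHP_SELF'    => '/index.php/"><b>injected</b>',
];

// Legacy output: the quote in PHP_SELF closes the href attribute early,
// and the markup that follows lands in the page as markup.
echo logout_link_legacy($sample), PHP_EOL;

// Hardened output: the href holds only the script path and the fixed query.
echo logout_link($sample), PHP_EOL;

// If PHP_SELF itself must be displayed, escape it at the point of output.
echo attr($sample['PHP_SELF']), PHP_EOL;
```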