I am a newbie to PHP still, so excuse this question if it seems silly, but I was wondering if this is safe usage of $_SERVER['PHP_SELF'].
From my reading about what's wrong with it (prone to injection), I was wondering if it is safe to compare it.
For example, I want the PHP/CSS stylesheet to change depending on the page the person is on, so in the PHP/CSS, it would have an if statement checking $_SERVER['PHP_SELF'] to see if the page they're visiting requires a different stylesheet.
Example:
if ($_SERVER['PHP_SELF'] === $thisPage) { }
Could malicious code affect me this way? Could I simply validate/cleanse it, then use it?
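The comparison described in the question, as an added example that is not part of the original post: the request value is only used as a strict lookup key into a fixed allow-list, and anything that does not match exactly (including a path with extra segments appended after the script name, which PHP includes in PHP_SELF) falls back to a default. The page paths, stylesheet names and function name are hypothetical, and the sample values are constructed.

```php
<?php
// Hypothetical mapping of script paths to stylesheets (assumed names).
const STYLESHEETS = [
    '/index.php'   => 'home.css',
    '/gallery.php' => 'gallery.css',
];
const DEFAULT_STYLESHEET = 'default.css';

/**
 * Pick a stylesheet for the current page.
 * The request-derived value is only compared against fixed keys; the
 * returned string always comes from the constants above, never from
 * the request itself.
 */
function stylesheetFor(string $phpSelf): string
{
    return STYLESHEETS[$phpSelf] ?? DEFAULT_STYLESHEET;
}

// Constructed sample values of $_SERVER['PHP_SELF'].
$samples = [
    '/gallery.php',               // exact match
    '/gallery.php/extra/path',    // trailing path info: no match
    '/gallery.php/"><b>x</b>',    // markup in the path: no match
];

foreach ($samples as $phpSelf) {
    // Escape the request value whenever it is displayed; the comparison
    // itself needs no cleansing because nothing from the request is echoed.
    printf(
        "%-45s -> %s\n",
        htmlspecialchars($phpSelf, ENT_QUOTES, 'UTF-8'),
        stylesheetFor($phpSelf)
    );
}

// In a page: $css = stylesheetFor($_SERVER['PHP_SELF'] ?? '');
```

Only the first sample selects gallery.css; the other two get default.css, so a page reached with extra path segments silently loses its page-specific stylesheet rather than injecting anything.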