Hi Joseph, > do you suggest hardcoding the filenames even when referencing the > same file that is executing?
That's what I do, yes, but regardless, blind trust isn't a good idea regarding any data that can be influenced by or provided by a third party. If you anticipate needing to change names/URLs/whatever in the future, you can restrict $_SERVER['PHP_SELF'] to a particular naming convention or a finite set of valid values. (I suffer from URL vanity, so I rarely encounter this problem. Others might have better suggestions.) Chris -- Chris Shiflett http://shiflett.org/ _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
