Hello, in this video, I am going to show you how to use the PHP_SELF server function, you know, command. So we've got this form right here. Maybe we want the form to basically submit, but to reload the current page we are on, and using that information we'll process it accordingly. And for example, if we have all of this, and instead of doing this, what we are going to do is literally put that up here instead. And if we reload it, let's go to the homepage as the payment should be. Undefined index, undefined index. Ignore that for now.
I will actually be covering, you know, all of that in a separate video. But it's just saying that because we haven't sent anything yet. So if we want to send something and we want to go back to this current page, we can literally just put, like, index.php. So we could put no therefore reload and as approach for 12345, and we get that right here, that is fine. But what if we were to rename this file? We don't want to have to constantly update every single form on every single page. What we can do instead is we can actually put PHP code here.
We can put PHP like so and we can echo something out. And wherever we are, the code will literally just be there. We can put $_SERVER. And this is an array, and from this we can get PHP_SELF. So let's reload this and let's see what we get. So if we inspect it, as you can see, it gets the exact path.
This is great. This is fantastic. Regardless of what this name is called, it's just, you know, great. And obviously this will reload itself. So if I say on an apple pathological password, enter, it works. Fantastico. Just a little note on using this $_SERVER PHP_SELF: there is a little exploit that hackers can, you know, utilize. It's called XSS, which is cross-site scripting. It's basically a sort of security vulnerability that is found in websites. And XSS basically allows attackers to inject client-side script into web pages that are viewed by other users.
So for example, if you know less, let's say the information that we're getting from these, let's say, if you know or not from this, for example, maybe from here, is being stored somewhere and another user utilizes it later on to display some data, they could do something like, in the URL, they could literally put JavaScript code. It's not very easy to do it, but it is a doable thing. So let me see if I can remember what we would put. So if we think it's something like sent to tears, so this is just the formatting. So as exceeded a bit, you know, obscure, most people won't do this, but it is something that hackers will do. So it is something that we have to, you know, factor in. Script lesson, as you can see, that basically war is going to, you know, produce, as you can see, you know, it is showing it right there.
If we do %3E, so it ends the tag many free porn, and what it's going to do is something simple like an alert, and this is going to say act, and now we're going to put %3C, it's going to close the tag with us, and I'll copy that just in case. All I need to do again is make no mistake, and I do that. Okay, what's happened? It's more than possible that I've just made a little mistake in order this yulian alert should pop up a little console warning to action. Okay, so it's actually protected it already, but to, you know, make sure it is fully protected, what we want to do is we can enclose this in htmlspecialchars. And what this will do, when it prints this part of it out, it would basically remove any of these special characters, which will prevent any of this from actually running.
So that's just a little note. And if you just put that function around that you will make it immensely more secure. I highly recommend in general that you use this because you'll just make it more dynamic. So that is it. Any questions? Feel free to shoot me a message and as usual, I look forward to seeing you in the next video.
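The fix described in the video, as an added example that is not part of the original recording: it prints a self-posting form's action attribute with and without htmlspecialchars, which converts characters such as `<`, `>` and `"` into HTML entities so the browser displays them instead of parsing them. The function names and both request paths are constructed for illustration; PHP_SELF is passed in as an array so the script runs from the command line.

```php
<?php
// Added example. Function names are hypothetical; the request paths are constructed.

// Unsafe: echoes PHP_SELF into the action attribute exactly as the server reports it.
function form_action_unsafe(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// Hardened: encode for an HTML attribute context before printing.
// ENT_QUOTES also encodes single quotes; the charset is set explicitly.
function form_action_escaped(array $server): string
{
    $self = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $self . '">';
}

// True when the tag still has exactly the attributes we wrote (method and action),
// i.e. the value did not break out of the action="..." attribute.
function action_is_contained(string $formTag): bool
{
    return preg_match('/^<form method="post" action="[^"<>]*">$/', $formTag) === 1;
}

// Constructed inputs: a normal request, and one where extra path text
// containing markup was appended after the script name in the URL.
$samples = [
    'normal'  => ['PHP_SELF' => '/index.php'],
    'crafted' => ['PHP_SELF' => '/index.php/"><script>alert(1)</script>'],
];

foreach ($samples as $label => $server) {
    $unsafe  = form_action_unsafe($server);
    $escaped = form_action_escaped($server);

    echo "== $label ==\n";
    echo 'unsafe : ', $unsafe, "\n";
    echo '         contained: ', action_is_contained($unsafe) ? 'yes' : 'NO', "\n";
    echo 'escaped: ', $escaped, "\n";
    echo '         contained: ', action_is_contained($escaped) ? 'yes' : 'NO', "\n";
}
```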