...

View Full Version : php post to self thing dosn't work at all.



7Gte
03-13-2007, 06:30 AM
okay, listen up, I'm having problems with my PHP_SELF code, its not working.
It won't post. The only thing that It would does is, well erase everything I
entered (just like what the reset button would do)

anyways, here is my code

this is the beginning: (I know I'm supposed to have hte error thing)


<?php
$first = $_POST["first"];
$last = $_POST["last"];
$instro = $_POST["instro"];
$like = $_POST["like"];
$music = $_POST["music"];
$tellme = $_POST["tellme"];
if (!isset($_POST['submit'])) {
?>
<html> ...


this is the code in the form tag:



<form method="post" action="<?php echo $PHP_SELF;?>">


and this is the output code, telling it how it should display once its done:



</form>
<?php
} else {
echo "first: ". $first . "<p>";
echo "</p>last: " . $last . "<p>";
echo "</p>email: " . $email . "<p>";
echo "</p>instro: " . $instro . "<p>";
echo "</p>likes: " . $like . "<p>";
echo "</p>types of music: ";
foreach ($music as $k => $v)
{
echo $v;
if ($k != count($music) - 1)
echo ", ";
}
echo "<p>";
echo "</p>more info:<p>".$tellme."</p>";
}
?>
</body>
</html>


I've been dealing wiht this problem for days, I don't understand why it dosn't
work! I've looked though hundreds of tutorials, and I can't find an awnser.

Inigoesdr
03-13-2007, 06:59 AM
$_server['php_self'];

7Gte
03-13-2007, 07:29 AM
thks!

CFMaBiSmAd
03-13-2007, 02:35 PM
Both the variable name and the constant value in that are going to be case sensitive -

$_SERVER['PHP_SELF'];

the-dream
03-13-2007, 03:30 PM
Y can also just post it to the same file. Like instead of saying server self and you are working in ' form.php ' just set the action to form.php.

the-dream
03-13-2007, 03:31 PM
Oh!
And welcome to Coding Forums!

aedrin
03-13-2007, 03:34 PM
Y can also just post it to the same file. Like instead of saying server self and you are working in ' form.php ' just set the action to form.php.

This way you could rename the file and not have to worry about it breaking.

maghiel
03-13-2007, 03:37 PM
Y can also just post it to the same file. Like instead of saying server self and you are working in ' form.php ' just set the action to form.php.

i guess thatīs about as smart as using absolute paths

7Gte
03-13-2007, 08:02 PM
Y can also just post it to the same file. Like instead of saying server self and you are working in ' form.php ' just set the action to form.php.

oh, sweet.

so, whats the better way?

CFMaBiSmAd
03-13-2007, 08:16 PM
Use the method that you are (with the proper variable name) -

<form method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">This is independent of the file name that it is contain in and can be reused in other code without the need to remember to edit the action="..." parameter (I have seen more than a few posts where someone stated their form processing code was not working... when in fact it was sending the data to the wrong or non-existent action="..." file.)

Just for the record, the original variable that you had, $PHP_SELF, only works when register_globals are on.

rajbot
03-13-2007, 08:40 PM
$_SERVER[ 'SCRIPT_NAME' ] is the preferred variable to use for this application -- $_SERVER['PHP_SELF'] is based on user input and vulnerable to cross site scripting attacks.

You probably won't encounter these sorts of issues until you build larger apps that start caching pages and the like, but it's good to get in the habit now. It's not fun to be looking at a production application you wrote that someone has inserted a bunch of XSS attacks into.

See here for more information:

http://blog.phpdoc.info/archives/13-guid.html

Inigoesdr
03-13-2007, 11:04 PM
Both the variable name and the constant value in that are going to be case sensitive -

$_SERVER['PHP_SELF'];
That's odd.. I typed them in caps when I posted it.

Nightfire
03-13-2007, 11:07 PM
The forum has the 'anti-shout' setting on. If a post contains all uppercase letters, they'll be converted to lowercase :)

Inigoesdr
03-13-2007, 11:08 PM
The forum has the 'anti-shout' setting on. If a post contains all uppercase letters, they'll be converted to lowercase :)
Ah, thanks for letting me know. :thumbsup:

StupidRalph
03-14-2007, 10:30 PM
$_SERVER[ 'SCRIPT_NAME' ] is the preferred variable to use for this application -- $_SERVER['PHP_SELF'] is based on user input and vulnerable to cross site scripting attacks.

You probably won't encounter these sorts of issues until you build larger apps that start caching pages and the like, but it's good to get in the habit now. It's not fun to be looking at a production application you wrote that someone has inserted a bunch of XSS attacks into.

See here for more information:

http://blog.phpdoc.info/archives/13-guid.html

What about when you add striptags?


strip_tags( $_SERVER['PHP_SELF'] );
$_SERVER[ 'SCRIPT_NAME' ]
Guess I'll look into using $_SERVER[ 'SCRIPT_NAME' ] as an alternative.

Mhtml
03-15-2007, 01:41 PM
oh, sweet.

so, whats the better way?
*cough* IRI's *cough*



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum