Using <form action="<?php echo $editFormAction; ?>"

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Addos
Forum Contributor
Posts: 305
Joined: Mon Jan 17, 2005 4:13 pm

Using <form action="<?php echo $editFormAction; ?>"

Post by Addos »

Hi,
I need to get the POST array value snail_1 from the following code when it’s passed to page_2.php.

This works ok for me:-

Code: Select all

<form action="page_2.php" method="post" name="form1" id="form1">
 
input type="text" name="subject" value="" size="32" />
     
<input type="hidden" name="mail_1" value="sail_1" />
</form>
When I echo echo $_POST['sail_1']; I get the value snail_1 which is what I need.

However I’m aware that using <form action="page_2.php" is not recommended (and not too sure why just yet but know it’s a security issue) so I have been trying to use something like this:

<form action="<?php echo $editFormAction; ?>"

Code: Select all

 
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
 
$insertGoTo = "page_2.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
But when I use this then echo $_POST['sail_1']; is empty on page_2.php and I cannot see why this is. I have also tried $_GET[‘snail_1’]; but this is also empty and I’m not sure what I’m doing wrong.
Any pointers would be great
Thanks
straightman
Forum Commoner
Posts: 48
Joined: Sun Apr 19, 2009 5:20 am

Re: Using <form action="<?php echo $editFormAction; ?>"

Post by straightman »

what about your misspelling sail and snail?

===============================================================


Addos wrote:Hi,
I need to get the POST array value snail_1 from the following code when it’s passed to page_2.php.

This works ok for me:-

Code: Select all

<form action="page_2.php" method="post" name="form1" id="form1">
 
input type="text" name="subject" value="" size="32" />
     
<input type="hidden" name="mail_1" value="sail_1" />
</form>
When I echo echo $_POST['sail_1']; I get the value snail_1 which is what I need.

However I’m aware that using <form action="page_2.php" is not recommended (and not too sure why just yet but know it’s a security issue) so I have been trying to use something like this:

<form action="<?php echo $editFormAction; ?>"

Code: Select all

 
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
 
$insertGoTo = "page_2.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
But when I use this then echo $_POST['sail_1']; is empty on page_2.php and I cannot see why this is. I have also tried $_GET[‘snail_1’]; but this is also empty and I’m not sure what I’m doing wrong.
Any pointers would be great
Thanks
Addos
Forum Contributor
Posts: 305
Joined: Mon Jan 17, 2005 4:13 pm

Re: Using <form action="<?php echo $editFormAction; ?>"

Post by Addos »

what about your misspelling sail and snail?
That's just a typo in the posting of this script here. I was only protecting the code that I was posting here and I wish it was that that was causing the problem but unfortunately it's not that.
Thanks for the reply
User avatar
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: Using <form action="<?php echo $editFormAction; ?>"

Post by jackpf »

Where did you get the idea from that your form action is a "security risk"?

Anyhow, you don't need all that crap generating the form action, I think what you're looking for is $_SERVER['REQUEST_URI'] (includes the query string).

I'm not actually sure what you're trying to do - the two scripts you posted are completely different. If you redirect the user to another page with header(), then there isn't going to be any post data.
Post Reply