Page 1 of 1

Using <form action="<?php echo $editFormAction; ?>"

Posted: Thu Jul 30, 2009 2:44 pm
by Addos
Hi,
I need to get the POST array value snail_1 from the following code when it’s passed to page_2.php.

This works ok for me:-

Code: Select all

<form action="page_2.php" method="post" name="form1" id="form1">
 
input type="text" name="subject" value="" size="32" />
     
<input type="hidden" name="mail_1" value="sail_1" />
</form>
When I echo echo $_POST['sail_1']; I get the value snail_1 which is what I need.

However I’m aware that using <form action="page_2.php" is not recommended (and not too sure why just yet but know it’s a security issue) so I have been trying to use something like this:

<form action="<?php echo $editFormAction; ?>"

Code: Select all

 
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
 
$insertGoTo = "page_2.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
But when I use this then echo $_POST['sail_1']; is empty on page_2.php and I cannot see why this is. I have also tried $_GET[‘snail_1’]; but this is also empty and I’m not sure what I’m doing wrong.
Any pointers would be great
Thanks

Re: Using <form action="<?php echo $editFormAction; ?>"

Posted: Thu Jul 30, 2009 3:13 pm
by straightman
what about your misspelling sail and snail?

===============================================================


Addos wrote:Hi,
I need to get the POST array value snail_1 from the following code when it’s passed to page_2.php.

This works ok for me:-

Code: Select all

<form action="page_2.php" method="post" name="form1" id="form1">
 
input type="text" name="subject" value="" size="32" />
     
<input type="hidden" name="mail_1" value="sail_1" />
</form>
When I echo echo $_POST['sail_1']; I get the value snail_1 which is what I need.

However I’m aware that using <form action="page_2.php" is not recommended (and not too sure why just yet but know it’s a security issue) so I have been trying to use something like this:

<form action="<?php echo $editFormAction; ?>"

Code: Select all

 
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
 
$insertGoTo = "page_2.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
But when I use this then echo $_POST['sail_1']; is empty on page_2.php and I cannot see why this is. I have also tried $_GET[‘snail_1’]; but this is also empty and I’m not sure what I’m doing wrong.
Any pointers would be great
Thanks

Re: Using <form action="<?php echo $editFormAction; ?>"

Posted: Thu Jul 30, 2009 4:01 pm
by Addos
what about your misspelling sail and snail?
That's just a typo in the posting of this script here. I was only protecting the code that I was posting here and I wish it was that that was causing the problem but unfortunately it's not that.
Thanks for the reply

Re: Using <form action="<?php echo $editFormAction; ?>"

Posted: Thu Jul 30, 2009 4:09 pm
by jackpf
Where did you get the idea from that your form action is a "security risk"?

Anyhow, you don't need all that crap generating the form action, I think what you're looking for is $_SERVER['REQUEST_URI'] (includes the query string).

I'm not actually sure what you're trying to do - the two scripts you posted are completely different. If you redirect the user to another page with header(), then there isn't going to be any post data.