My code
Code: Select all
<?
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
$insertGoTo = "guestbook.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
}
}
<form method="post" name="form1" action="<?php echo $editFormAction; ?>">The Analysis
<?
Code: Select all
$editFormAction = $_SERVER['PHP_SELF'];So, if the Query_String is set:
Code: Select all
if (isset($_SERVER['QUERY_STRING'])) {Code: Select all
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); }Code: Select all
/form_action_result.php?A couple of my questions are as follows.
Why do we need to use action="<?php echo $editFormAction; ?> in the first place. Is this so that somebody cannot try to spoof the page to which the form is being passed to?
The “?” is added to the string once the Query_String is set but why is this needed and why is it no enclosed by ‘?’ instead. I thought that the double quotes were to get PHP to parse any value between the two quotes.
The use of the? is a little puzzling as I appreciate it is not used as a ‘ternary’ operator above but below it has me really puzzled and I have yet to fully analyse this yet.
Code: Select all
$insertGoTo = "some_page.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));B