Help understanding this
Posted: Mon Aug 08, 2005 2:54 pm
I’m looking for a bit of help here in understanding some PHP. I work alone, so do go easy as I’m plugging away at my own analyses and am looking for a bit of advice as to whether I’m getting this correct.

My code

Code:
<?php
// The URL the form posts back to: this script's own path...
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
    // ...plus the current query string, HTML-escaped so it is safe inside the action="" attribute
    $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

// The page to redirect to afterwards
$insertGoTo = "guestbook.php";
if (isset($_SERVER['QUERY_STRING'])) {
    // Carry the current query string across: join with "&" if the target already has one, otherwise start one with "?"
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
// } } }  <- three closing braces appear here in the post; the blocks they close are not shown
?>
<form method="post" name="form1" action="<?php echo $editFormAction; ?>">

The Analysis

Code:
<?php
$editFormAction = $_SERVER['PHP_SELF'];

Tested on a live server $editFormAction returns:- /form_action_result.php. Note the ? is missing from the string.

So, if the Query_String is set:

Code:
if (isset($_SERVER['QUERY_STRING'])) {

Then proceed to add the “?” into the string.

Code:
    $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

Tested on a live server $editFormAction returns:- /form_action_result.php?

htmlentities: Certain characters have special significance in HTML, and should be represented by HTML entities if they are to preserve their meanings. This function returns a string with some of these conversions made.

A couple of my questions are as follows.

Why do we need to use action="<?php echo $editFormAction; ?>" in the first place? Is this so that somebody cannot try to spoof the page to which the form is being passed?

The “?” is added to the string once the Query_String is set, but why is this needed, and why is it not enclosed by ‘?’ instead? I thought that the double quotes were to get PHP to parse any value between the two quotes.

The use of the ? is a little puzzling. I appreciate it is not used as a ‘ternary’ operator above, but below it has me really puzzled and I have yet to fully analyse it.

Code:
$insertGoTo = "some_page.php";
if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));

Many thanks to anyone who has the patience to help me out. I’m only at this as a complete novice since January, so apologies if my use of coding language is not accurate.

B
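As an added example (not the poster's code, nor the code generator's), the two URL-building steps from the post written as plain functions that run without a web server: the same `?`/`&` join and htmlentities() escaping, plus two checks the original lacks, skipping an empty query string (isset() alone is true for the empty string most servers supply, which is why the live test showed a trailing `?`) and comparing strpos() against false. Function names and sample inputs are constructed for this example.

```php
<?php
// Added example: the post's two URL-building steps as testable functions.

// Step 1: the form's action URL. PHP_SELF is derived from the request path,
// which the browser controls, so it is escaped before going inside action="".
function build_edit_form_action(string $phpSelf, ?string $queryString): string
{
    $action = htmlentities($phpSelf, ENT_QUOTES, 'UTF-8');
    if ($queryString !== null && $queryString !== '') {
        // This "?" is a literal character: it separates path from query in a URL.
        $action .= '?' . htmlentities($queryString, ENT_QUOTES, 'UTF-8');
    }
    return $action;
}

// Step 2: the redirect target. Here "?" is the ternary operator: if the target
// already carries a query string, join with "&", otherwise start one with "?".
function build_insert_goto(string $target, ?string $queryString): string
{
    if ($queryString !== null && $queryString !== '') {
        // strpos() returns false when not found; the bare truthiness test in the
        // post would also treat a "?" at position 0 as "not found".
        $target .= (strpos($target, '?') !== false) ? '&' : '?';
        $target .= $queryString;
    }
    return $target;
}

// Constructed inputs standing in for $_SERVER['PHP_SELF'] and $_SERVER['QUERY_STRING'].
$samples = [
    ['/form_action_result.php', ''],                   // no query string
    ['/form_action_result.php', 'id=7'],               // with a query string
    ['/form_action_result.php/"x', 'id=7&name=O\'B'],  // quotes in path and query
];
foreach ($samples as [$self, $qs]) {
    printf("action=\"%s\"\n", build_edit_form_action($self, $qs));
}

// Redirect targets without and with an existing query string.
echo build_insert_goto('guestbook.php', 'id=7'), "\n";
echo build_insert_goto('guestbook.php?page=2', 'id=7'), "\n";
```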