Page 1 of 1

Using $_SERVER[PHP_SELF]

Posted: Tue Nov 07, 2006 3:46 pm
by jdhorton77
Burrito | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Hello all:

I'm trying to use $SERVER[PHP_SELF] in my action parameter in my HTML form tag. And it works when I just type it out as an HTML form. But I'm trying to echo the form code in a php function to be called in an if statement in the body area. Here's a snippet of what I have so far...

Code: Select all

function showform()
	{
	echo '
	<form action="<?PHP echo $_SERVER[PHP_SELF]; ?>" method="post">
		Username: <input type="text" name="username" tabindex=1 > 
		Password: <input type="text" name="password" tabindex=2 > 
		
		<input type="hidden" name="submitted" value="submitted" >
		<input type="submit" name="submit" value="Submit" >
	</form>
	';
	}
and here is the if statement...

Code: Select all

<body>
        <?php 
	if (array_key_exists('submitted', $_POST))
	{
		nextform();
	}
	else
	{
		showform();
	}
         ?>
</body>
Now when I access the page in my explorer it shows the form, but when I submit it throws up an ie error page. If anyone can help me out I would so greatly appreciate it. Thanks


Burrito | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Tue Nov 07, 2006 3:50 pm
by Burrito
set and return a variable in your function then echo out your function result.

also, you'll need to use the concat operator (.) to tie your string together. The way you have it now (with some weird embeded echo) won't work.

Posted: Tue Nov 07, 2006 3:51 pm
by brendandonhue

Code: Select all

function showform()
        {
        echo '
        <form action="' . $_SERVER['PHP_SELF'] . '" method="post">
                Username: <input type="text" name="username" tabindex=1 >
                Password: <input type="text" name="password" tabindex=2 >
               
                <input type="hidden" name="submitted" value="submitted" >
                <input type="submit" name="submit" value="Submit" >
        </form>
        ';
        }

Posted: Tue Nov 07, 2006 3:56 pm
by Chris Corbyn
Or...

Code: Select all

function showform()
{
        ?>
        <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
                Username: <input type="text" name="username" tabindex=1 >
                Password: <input type="text" name="password" tabindex=2 >
               
                <input type="hidden" name="submitted" value="submitted" >
                <input type="submit" name="submit" value="Submit" >
        </form>
        <?php
}

Posted: Tue Nov 07, 2006 4:14 pm
by jdhorton77
Thank you guys sooo much. I've been trying to figure that one out for a while now. I was just about to pull out my last bit of hair.

Posted: Tue Nov 07, 2006 6:39 pm
by timvw
Right now your form is open for XSS attacks... Instead of using $_SERVER['PHP_SELF'] as target for your form you can also use '#' as target, which leads to exactly the same result (post to the same url) with that difference that it's impossible to inject malicious data into your html.

Code: Select all

<form action="#" method="post">
</form>

Posted: Tue Nov 07, 2006 8:18 pm
by feyd
Also be aware that the button isn't necessarily going to be in the submission data.