Page 1 of 1

Problem with $_SERVER['PHP_SELF']

Posted: Sat May 05, 2007 10:14 pm
by nova_joseph2000

Code: Select all

<?php

if($_POST['submit'] == 'Submit')
{
  if(!$_POST['email'] ||$_POST['email'] == "" || strlen($_POST['email'] >30 )) 
  {
    $message = '<p> There is a  Problem .Did you enter an email address ?</p>';
   }
   else
   {
   //Open connection to the database
   mysql_connect("localhost","root","") or die ("Failure to communicate with database");
   mysql_select_db("test");
   
   //Insert email adresses
   $as_email = addslashes($_POST['email']);
   $tr_email = trim($as_email);
   $query ="INSERT INTO test4040 (ID,Email,Source)
             VALUES(NULL,'$tr_emial',www.example.com')";
	$result = mysql_query($query);
	if(mysql_affected_rows() == 1)
	{
	 $message ='<p>Your record has been recorded.</p>';
	 
	 $noform_var = 1;
	 }
	  else	  {
	    error_log(mysql_error());
	    $message = '<p>Your information has been wrong eith your sing up attempt.</p>';
	 }
 }
 
 //Show The form in every cae except successful submission
 
 if (!noform_var)
 {
 $thisfile =$_SERVER['PHP_SELF'];
 $message = <<< EOMSG
<p>Enter your email in every address and we will send you our weekly newsletter .</p>
<form method="post" action="$thisfile">
<br /><br />
<input type="submit" value="Submit" />
</form>
EOMSG;
}
}
?>
<html>
<head>
<style type="text/css">
<!--
body,p {color:#000000; font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;}
-->
</style>
</head>
<body>
<table border="0" cellpadding="10" width="100%">
<tr>
<td bgcolor="#fof8ff" align="center" valign="top" width="17%">
</td>
<td bgcolor="#ffffff" align="left" valign="top" width="83%">
<h1>Newsletter sing up form</h1>
<?php echo $message; ?>
</td>
</tr>
</table>
</body>
</html>
I was executed in the the above programe the result page is xecuted only

Code: Select all

<html>
<head>
<style type="text/css">
<!--
body,p {color:#000000; font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;}
-->
</style>
</head>
<body>
<table border="0" cellpadding="10" width="100%">
<tr>
<td bgcolor="#fof8ff" align="center" valign="top" width="17%">
</td>
<td bgcolor="#ffffff" align="left" valign="top" width="83%">
<h1>Newsletter sing up form</h1>
<?php echo $message; ?>
</td>
</tr>
</table>
</body>
</html>

Posted: Sat May 05, 2007 10:33 pm
by RobertGonzalez
Your problem is here:

Code: Select all

if (!noform_var)

Posted: Sat May 05, 2007 10:47 pm
by nova_joseph2000
thanks for reply but

Posted: Sat May 05, 2007 10:58 pm
by RobertGonzalez
But?...

FYI, PHP_SELF is very insecure and prone to injection attacks. There are other methods to get at the current filename. One of my favorites is basename(__FILE__).

Re: Problem with $_SERVER['PHP_SELF']

Posted: Sun May 06, 2007 12:47 am
by Z3RO21
nova_joseph2000 wrote:

Code: Select all

strlen($_POST['email'] >30)
What if my e-mail was a@short.com ?

And in any case it would not work it is not set up right, you probably meant this:

Code: Select all

strlen($_POST['email']) >30

Posted: Sun May 06, 2007 2:26 am
by nova_joseph2000
i changed abive thing but not executed fully


<?php echo $message; ?>

Code: Select all

<?php echo $message; ?>
its not working

Posted: Sun May 06, 2007 3:02 am
by RobertGonzalez
Before you handle any conditionals, literally right after the opening PHP tag, put this:
<?php
$message = 'This is the default message';
// rest of the code
?>

I suspect something is not firing properly to ever get into the part of the script where the message variable is set. Also, are getting a blank output or are you actually seeing the PHP code in the output?