Page 1 of 1
Question regarding Include and ACTION
Posted: Wed May 14, 2008 12:42 am
by jjl
I was a C/C++ programmer years ago and just started with php a couple of days ago so sorry if my question is a bit simple.
When I use an include blah.php, is that page actually run or just loaded for access to the functions. I was told that it was just loaded far access and that was it. But if that is true how does a - FORM using ACTION = blah2.php work.
I have just downloaded a php security script (LoginRedirect) and the code (to my way of thinking) is all over the place. I may be wrong and prejudging the code but it does not seem to follow logically. Please remember I am new to php and may be thinking too much like a C programmer. This script is what has me confused over the include and Action calls.
Thanks for any advice
Jeremy
Re: Question regarding Include and ACTION
Posted: Wed May 14, 2008 12:48 am
by lafever
An include simply includes a file to access data for your scripts (eg: classes, functions, etc.) Read more
http://hk.php.net/include/ here. It is also good to store these outside of your local web directory for a little more security.
A form action is a predefined variable in PHP which can be called by using $_POST after a FORM is submitted. You can learn more about Predefined variables here
http://hk.php.net/reserved.variables
Re: Question regarding Include and ACTION
Posted: Wed May 14, 2008 1:33 am
by jjl
Thanks for the prompt reply. I have read the pages you posted, thanks.
I am still not sure of the functionality of the Form ACTION = blah.php. I understand POST and the variables situation but I think that is different to ACTION.
The code I have shows in blah.php something similar to the below. This must execute when called by the form as apposed to just loading it like in an include. This file is just code, no definitions etc.
eg. blah.php
<?php
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
session_start();
//require the functions file
require ("config.php");
require ("functions.php");
if ((!$lr_user) || (!$lr_pass))
{
$username = $_POST[username];
$password = $_POST[password];
}else{
$username = $lr_user;
$password = $lr_pass;
}
if ($_POST[activate] == "Yes")
{
//make the connection to the database
$connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
$db = @mysql_select_db($db_name,$connection)or die(mysql_error());
//build and issue the query
$sql = "UPDATE $table_name SET `verified` = '1' WHERE username = '$_POST[username]'";
$result = @mysql_query($sql,$connection) or die(mysql_error());
}
//sets session variables
sess_vars($base_dir, $server, $dbusername, $dbpassword, $db_name, $table_name, $username, $password);
//check to see if the user has to change their password
if ($_SESSION[pchange] == "1")
{
$_SESSION[redirect] = "$base_dir/pass_change.html";
}
//check to see if the users acct has been activated by user
if ($_SESSION[verified] == "0")
{
$_SESSION[redirect] = "$base_dir/not_activated.html";
}
//make the connection to the database
$connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
$db = @mysql_select_db($db_name,$connection)or die(mysql_error());
//build and issue the query
$sql ="SELECT * FROM banned";
$result = @mysql_query($sql,$connection) or die(mysql_error());
while ($sql = mysql_fetch_object($result))
{
$banned = $sql -> no_access;
if ($username == $banned || $REMOTE_ADDR == $banned)
{
include ('banned.html');
exit;
}
}
$last_log = last_login();
//updates table with last log as now
$sql = "UPDATE $table_name SET last_login = '$last_log' WHERE username = '$_SESSION[user_name]'";
$result = @mysql_query($sql,$connection) or die(mysql_error());
if (($_SESSION[redirect] != "$base_dir/errorlogin.html") && ($log_login == "1"))
{
include('loglogin.php');
}
//redirects the user
$_SESSION['views'] = 1;
header("Location:$_SESSION[redirect]");
?>
<head>
<title>Redirect</title>
</head>
Re: Question regarding Include and ACTION
Posted: Wed May 14, 2008 4:01 am
by lafever
A forms action attribute is where the form's data is sent to when a user presses 'Submit'
Also you should be using ' ' in your brackets so it would be something like
Code: Select all
$username = $_POST['username'];
$password = $_POST['password'];
Re: Question regarding Include and ACTION
Posted: Wed May 14, 2008 4:20 am
by aceconcepts
Yes, a form's action simply allows you to specify a script you'd like to call when your form is submitted.
However, what is also quite useful is that you can leave the action"" blank and the form will submit to itself - and you can include variables within your form's action
e.g.
Code: Select all
echo'<form action="validate.php?id=' . $userId . ' ">';
Re: Question regarding Include and ACTION
Posted: Wed May 14, 2008 6:54 am
by jjl
Thanks for the help, I understand what is going on now. With the include the php file is just loaded for use as required, and with the form action the php file is actually executed.
Thanks for your help.