Convert Form 'action' over to href

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Addos
Forum Contributor
Posts: 305
Joined: Mon Jan 17, 2005 4:13 pm

Convert Form 'action' over to href

Post by Addos »

Hi,
I want to replace this:

Code: Select all

<form name="form1" method="post" action="<?php  echo $_SERVER['PHP_SELF']; ?>">
<input name="logout" type="submit" value="Logout when finished">
 <input type="hidden" name="action" value="logout">
</form>
With this or similar (if I can)

Code: Select all

' Logout when finished <a href="' .$_SERVER['PHP_SELF'] .'?action=logout">Logout</a>';
My function is:

Code: Select all

//Stage 2 - The Logout
if ($_POST['action'] == "logout")
    {
    function logout() etc
So I’m not really sure how to approach this as I think that I need to include some sort of Post array in my ‘href’ above but I’m not sure how to go about this or if that is even possible.
Any help would be great
Thanks
Last edited by Benjamin on Sat May 09, 2009 10:04 am, edited 1 time in total.
Reason: Changed code type from text to html, php.
mickd
Forum Contributor
Posts: 397
Joined: Tue Jun 21, 2005 9:05 am
Location: Australia

Re: Convert Form 'action' over to href

Post by mickd »

You'll just need to get the information using this instead:

Code: Select all

 
if($_GET['action'] == 'logout') {
   logout();
}
 
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Convert Form 'action' over to href

Post by kaisellgren »

If you use $_SERVER['PHP_SELF'] on your form like that, you will be vulnerable to XSS attacks.
Addos
Forum Contributor
Posts: 305
Joined: Mon Jan 17, 2005 4:13 pm

Re: Convert Form 'action' over to href

Post by Addos »

You'll just need to get the information using this instead:
Thanks a mil that was too obvious but I appreciate the help.
If you use $_SERVER['PHP_SELF'] on your form like that, you will be vulnerable to XSS attacks.
Can you give me a little more on this as I'm not sure about this issue. Are you saying if I use this without cleaning any input then it's risky or should I just avoid this at all costs. Usually I will clean the input but I'd appreciate any pointers on this.
Thanks
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Convert Form 'action' over to href

Post by kaisellgren »

Addos wrote:Can you give me a little more on this as I'm not sure about this issue. Are you saying if I use this without cleaning any input then it's risky or should I just avoid this at all costs. Usually I will clean the input but I'd appreciate any pointers on this.
Thanks
In that code you are not cleaning anything. If you want to do it without filtering, use $_SERVER['SCRIPT_NAME'].
Post Reply