Hi, What is action="$PHP_SELF"

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Moderator: General Moderators

Post Reply
aaaaaaaaaa
Forum Newbie
Posts: 2
Joined: Wed Jun 21, 2006 7:06 am

Hi, What is action="$PHP_SELF"

Post by aaaaaaaaaa »

Hi, Could anybody expain me this code?
bdlang
Forum Contributor
Posts: 395
Joined: Tue May 16, 2006 8:46 pm
Location: Ventura, CA US

Post by bdlang »

That specific code gives you the ability to say 'use this script when posting the form' in an abstract way; you don't have to hard-code the script name into the form. It's useful when you're including a script with a form on it, etc.

It's part of the $_SERVER superglobal, and in fact, using $PHP_SELF indicates register_globals = On, which is a bad thing. Use $_SERVER['PHP_SELF'] instead.

Before you contemplate using it, however, read the results in Google search: 'php PHP_SELF insecure'.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

If you see get to see action=$_PHP_SELF you should be alert, since in my experience it's a bad sign...

The cleanest solution for this 'snippet' of php/html code is (imho): action='#'
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

What about...

Code: Select all

<form method="post" action="">
</form>
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

If i remember well, last we tried it (overhere @phpdevnet) some browsers didn't seem to handle '' as target very well. It was then that we found that '#' was a better choice ;)
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

Good to know..
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

It would have been better if i remembered which browsers (and which versions) had problems with the '' target... This way i could regularly check up on them... Now it seems as if this is going to become a 'rule', but nobody remembers where it came from (Which is not a good thing!)
Post Reply