Page 1 of 1

Hi, What is action="$PHP_SELF"

Posted: Wed Jun 21, 2006 9:04 am
by aaaaaaaaaa
Hi, Could anybody expain me this code?

Posted: Wed Jun 21, 2006 9:10 am
by bdlang
That specific code gives you the ability to say 'use this script when posting the form' in an abstract way; you don't have to hard-code the script name into the form. It's useful when you're including a script with a form on it, etc.

It's part of the $_SERVER superglobal, and in fact, using $PHP_SELF indicates register_globals = On, which is a bad thing. Use $_SERVER['PHP_SELF'] instead.

Before you contemplate using it, however, read the results in Google search: 'php PHP_SELF insecure'.

Posted: Wed Jun 21, 2006 1:48 pm
by timvw
If you see get to see action=$_PHP_SELF you should be alert, since in my experience it's a bad sign...

The cleanest solution for this 'snippet' of php/html code is (imho): action='#'

Posted: Wed Jun 21, 2006 1:57 pm
by Benjamin
What about...

Code: Select all

<form method="post" action="">
</form>

Posted: Wed Jun 21, 2006 4:17 pm
by timvw
If i remember well, last we tried it (overhere @phpdevnet) some browsers didn't seem to handle '' as target very well. It was then that we found that '#' was a better choice ;)

Posted: Wed Jun 21, 2006 4:18 pm
by Benjamin
Good to know..

Posted: Wed Jun 21, 2006 7:12 pm
by timvw
It would have been better if i remembered which browsers (and which versions) had problems with the '' target... This way i could regularly check up on them... Now it seems as if this is going to become a 'rule', but nobody remembers where it came from (Which is not a good thing!)